Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
venomderek.exe

Overview

General Information

Sample name:venomderek.exe
Analysis ID:1568493
MD5:8c1a3371880670ae29eb22eec13df95e
SHA1:642e25d5a8a9e52ae970d3cc1f41388d4468259a
SHA256:39e4e2d97af7b2be0aa8806afbc4d4766bc057264f556733b392ffb766174dce
Tags:exeuser-aachum
Infos:

Detection

CredGrabber, Meduza Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected CredGrabber
Yara detected Meduza Stealer
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Suricata IDS alerts with low severity for network traffic
Terminates after testing mutex exists (may check infected machine status)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • venomderek.exe (PID: 4960 cmdline: "C:\Users\user\Desktop\venomderek.exe" MD5: 8C1A3371880670AE29EB22EEC13DF95E)
  • cleanup

Malware Configuration

Threatname: Meduza Stealer

{"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "build_name": "Work", "links": "", "port": 15666}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.1929160781.000002733BC90000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
    00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
      Process Memory Space: venomderek.exe PID: 4960JoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
        Process Memory Space: venomderek.exe PID: 4960JoeSecurity_CredGrabberYara detected CredGrabberJoe Security
          Process Memory Space: venomderek.exe PID: 4960JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.venomderek.exe.2733bde0000.0.unpackJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
              0.2.venomderek.exe.2733bde0000.0.raw.unpackJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-04T17:09:29.817533+010020494411A Network Trojan was detected192.168.2.44973045.130.145.15215666TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-04T17:09:29.817533+010020508061A Network Trojan was detected192.168.2.44973045.130.145.15215666TCP
                2024-12-04T17:09:29.938186+010020508061A Network Trojan was detected192.168.2.44973045.130.145.15215666TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-04T17:09:29.817533+010020508071A Network Trojan was detected192.168.2.44973045.130.145.15215666TCP
                2024-12-04T17:09:29.938186+010020508071A Network Trojan was detected192.168.2.44973045.130.145.15215666TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Found malware configuration
                Source: 0.2.venomderek.exe.2733bde0000.0.unpackMalware Configuration Extractor: Meduza Stealer {"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "build_name": "Work", "links": "", "port": 15666}
                Multi AV Scanner detection for submitted file
                Source: venomderek.exeReversingLabs: Detection: 44%
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE51EA0 CryptUnprotectData,LocalFree,0_2_000002733BE51EA0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE15EE0 CryptUnprotectData,LocalFree,0_2_000002733BE15EE0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE521C0 CryptProtectData,LocalFree,0_2_000002733BE521C0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BEB2090 CryptUnprotectData,0_2_000002733BEB2090
                Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49731 version: TLS 1.2
                Source: venomderek.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE99810 FindClose,FindFirstFileExW,GetLastError,0_2_000002733BE99810
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE998C0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_000002733BE998C0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE613B0 GetLogicalDriveStringsW,0_2_000002733BE613B0
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: D:\sources\migration\Jump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: D:\sources\migration\wtr\Jump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.4:49730 -> 45.130.145.152:15666
                Source: Network trafficSuricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.4:49730 -> 45.130.145.152:15666
                Source: global trafficTCP traffic: 192.168.2.4:49730 -> 45.130.145.152:15666
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache
                Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
                Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
                Source: Joe Sandbox ViewIP Address: 45.130.145.152 45.130.145.152
                Source: Joe Sandbox ViewASN Name: ASBAXETNRU ASBAXETNRU
                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknownDNS query: name: api.ipify.org
                Source: unknownDNS query: name: api.ipify.org
                Source: Network trafficSuricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.4:49730 -> 45.130.145.152:15666
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE5F200 InternetOpenA,InternetOpenUrlA,HttpQueryInfoW,HttpQueryInfoW,InternetQueryDataAvailable,InternetReadFile,InternetQueryDataAvailable,InternetCloseHandle,Concurrency::cancel_current_task,0_2_000002733BE5F200
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache
                Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                Source: venomderek.exe, 00000000.00000003.1696145546.000002733C1F1000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1928555875.000002733C200000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1928527130.000002733C200000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1928612447.000002733C204000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.microsoft.t/Regi
                Source: venomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: venomderek.exe, 00000000.00000002.1929160781.000002733BC90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                Source: venomderek.exe, 00000000.00000002.1929160781.000002733BC90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgP
                Source: venomderek.exe, 00000000.00000003.1708499666.000002733A497000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1708776603.000002733A442000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
                Source: venomderek.exe, 00000000.00000003.1708874852.000002733A4CE000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1708776603.000002733A442000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
                Source: venomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: venomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: venomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: venomderek.exe, 00000000.00000003.1708499666.000002733A497000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1708776603.000002733A442000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
                Source: venomderek.exe, 00000000.00000003.1708874852.000002733A4CE000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1708776603.000002733A442000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: venomderek.exe, 00000000.00000003.1697981552.000002733BD3B000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698368383.000002733BD3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: venomderek.exe, 00000000.00000003.1697981552.000002733BD3B000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698368383.000002733BD3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: venomderek.exe, 00000000.00000003.1697981552.000002733BD3B000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698368383.000002733BD3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: venomderek.exe, 00000000.00000003.1708776603.000002733A442000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
                Source: venomderek.exe, 00000000.00000003.1699663954.000002733A4A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mic
                Source: venomderek.exe, 00000000.00000003.1702024780.000002733CB12000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1704041029.000002733D2CB000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1702093954.000002733BD89000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701297813.000002733C008000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1702093954.000002733BD71000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1702773771.000002733C11C000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701297813.000002733C000000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1702024780.000002733CB0A000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701297813.000002733C0C0000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701725872.000002733C114000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701725872.000002733C0C8000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1702093954.000002733BD81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
                Source: venomderek.exe, 00000000.00000003.1705089454.000002733D72B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: venomderek.exe, 00000000.00000003.1705089454.000002733D72B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                Source: venomderek.exe, 00000000.00000003.1698833746.000002733CAA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                Source: venomderek.exe, 00000000.00000003.1698680563.000002733BD6A000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698833746.000002733CA83000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698680563.000002733BD43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                Source: venomderek.exe, 00000000.00000003.1698833746.000002733CAA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                Source: venomderek.exe, 00000000.00000003.1698680563.000002733BD6A000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698833746.000002733CA83000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698680563.000002733BD43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                Source: venomderek.exe, 00000000.00000003.1708874852.000002733A4CE000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1708776603.000002733A442000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
                Source: venomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: venomderek.exe, 00000000.00000003.1708874852.000002733A4CE000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1708776603.000002733A442000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
                Source: venomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: venomderek.exe, 00000000.00000003.1702024780.000002733CB12000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1704041029.000002733D2CB000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1702093954.000002733BD89000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701297813.000002733C008000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1702093954.000002733BD71000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1702773771.000002733C11C000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701297813.000002733C000000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1702024780.000002733CB0A000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701297813.000002733C0C0000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701725872.000002733C114000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701725872.000002733C0C8000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1702093954.000002733BD81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
                Source: venomderek.exe, 00000000.00000003.1705089454.000002733D72B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                Source: venomderek.exe, 00000000.00000003.1705089454.000002733D72B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                Source: venomderek.exe, 00000000.00000003.1701297813.000002733C124000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701297813.000002733C00F000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701725872.000002733C0CF000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1703284184.000002733CB1A000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1705089454.000002733D72B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: venomderek.exe, 00000000.00000003.1705089454.000002733D72B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: venomderek.exe, 00000000.00000003.1701297813.000002733C124000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701297813.000002733C00F000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701725872.000002733C0CF000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1703284184.000002733CB1A000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1705089454.000002733D72B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49731 version: TLS 1.2
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE5FB30 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,0_2_000002733BE5FB30
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE63CF0 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,0_2_000002733BE63CF0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE643F0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,0_2_000002733BE643F0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BEB26E0 NtAllocateVirtualMemory,0_2_000002733BEB26E0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626BE34C0 NtQueryVirtualMemory,NtProtectVirtualMemory,0_2_00007FF626BE34C0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE61FF00_2_000002733BE61FF0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE58F600_2_000002733BE58F60
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE1CF600_2_000002733BE1CF60
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE1ACC00_2_000002733BE1ACC0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE413400_2_000002733BE41340
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE222D00_2_000002733BE222D0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE5F2000_2_000002733BE5F200
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE0F1C00_2_000002733BE0F1C0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE8114C0_2_000002733BE8114C
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE670B00_2_000002733BE670B0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE616600_2_000002733BE61660
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE6662B0_2_000002733BE6662B
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE6C55A0_2_000002733BE6C55A
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE7749C0_2_000002733BE7749C
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE68B700_2_000002733BE68B70
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE5FB300_2_000002733BE5FB30
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE9E9680_2_000002733BE9E968
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE998C00_2_000002733BE998C0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE1C8C00_2_000002733BE1C8C0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE0F8B00_2_000002733BE0F8B0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE608200_2_000002733BE60820
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE1B8200_2_000002733BE1B820
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE4CF700_2_000002733BE4CF70
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE0FEE00_2_000002733BE0FEE0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE89EA00_2_000002733BE89EA0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE5AE500_2_000002733BE5AE50
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE7EE060_2_000002733BE7EE06
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BDE5DB00_2_000002733BDE5DB0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE70D980_2_000002733BE70D98
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE4FDB00_2_000002733BE4FDB0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE84D780_2_000002733BE84D78
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BDE6D200_2_000002733BDE6D20
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE72CD00_2_000002733BE72CD0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE78C340_2_000002733BE78C34
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE4CC500_2_000002733BE4CC50
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE643F00_2_000002733BE643F0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE083D00_2_000002733BE083D0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE813C80_2_000002733BE813C8
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE2E3200_2_000002733BE2E320
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE4C3000_2_000002733BE4C300
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE102E00_2_000002733BE102E0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE9E2CC0_2_000002733BE9E2CC
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE4D2A00_2_000002733BE4D2A0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE582300_2_000002733BE58230
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE551E00_2_000002733BE551E0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE501F00_2_000002733BE501F0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE1A1F00_2_000002733BE1A1F0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BDE61800_2_000002733BDE6180
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE161300_2_000002733BE16130
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE2E1300_2_000002733BE2E130
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE190900_2_000002733BE19090
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE770600_2_000002733BE77060
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE4F0400_2_000002733BE4F040
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE750440_2_000002733BE75044
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE7F7F40_2_000002733BE7F7F4
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE747FC0_2_000002733BE747FC
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE567600_2_000002733BE56760
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE647400_2_000002733BE64740
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE7E6F80_2_000002733BE7E6F8
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE447100_2_000002733BE44710
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE286D00_2_000002733BE286D0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE366A00_2_000002733BE366A0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE506A60_2_000002733BE506A6
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE6B68A0_2_000002733BE6B68A
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE745F80_2_000002733BE745F8
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE4C6000_2_000002733BE4C600
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BDE66100_2_000002733BDE6610
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE355B00_2_000002733BE355B0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE055200_2_000002733BE05520
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE605000_2_000002733BE60500
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE065100_2_000002733BE06510
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE854E80_2_000002733BE854E8
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE8A4380_2_000002733BE8A438
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE17B8D0_2_000002733BE17B8D
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE829F40_2_000002733BE829F4
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE74A000_2_000002733BE74A00
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE39A100_2_000002733BE39A10
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE819B80_2_000002733BE819B8
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE869840_2_000002733BE86984
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE489500_2_000002733BE48950
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE4C9300_2_000002733BE4C930
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE528C00_2_000002733BE528C0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE758D00_2_000002733BE758D0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE7088C0_2_000002733BE7088C
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE2C8200_2_000002733BE2C820
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C1F7EC0_2_00007FF626C1F7EC
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C207B40_2_00007FF626C207B4
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C027B00_2_00007FF626C027B0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C287580_2_00007FF626C28758
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C328CC0_2_00007FF626C328CC
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C2C8B40_2_00007FF626C2C8B4
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C268440_2_00007FF626C26844
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C1C5500_2_00007FF626C1C550
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626BF67300_2_00007FF626BF6730
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626BF66E00_2_00007FF626BF66E0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C223EC0_2_00007FF626C223EC
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C273580_2_00007FF626C27358
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C2A4480_2_00007FF626C2A448
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C181D00_2_00007FF626C181D0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C1A1400_2_00007FF626C1A140
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C122E80_2_00007FF626C122E8
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C202A80_2_00007FF626C202A8
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C1AF560_2_00007FF626C1AF56
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C17F900_2_00007FF626C17F90
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C1CFA00_2_00007FF626C1CFA0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C241100_2_00007FF626C24110
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C3209C0_2_00007FF626C3209C
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C030B00_2_00007FF626C030B0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C43DA00_2_00007FF626C43DA0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C2FF2C0_2_00007FF626C2FF2C
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C1CEB20_2_00007FF626C1CEB2
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C19C100_2_00007FF626C19C10
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C14C300_2_00007FF626C14C30
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C18C300_2_00007FF626C18C30
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C1FBF40_2_00007FF626C1FBF4
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C12B970_2_00007FF626C12B97
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C29CD80_2_00007FF626C29CD8
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C26CD80_2_00007FF626C26CD8
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C1CA200_2_00007FF626C1CA20
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626BF39E00_2_00007FF626BF39E0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C1F9F00_2_00007FF626C1F9F0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C2FA900_2_00007FF626C2FA90
                Source: C:\Users\user\Desktop\venomderek.exeCode function: String function: 000002733BE0B930 appears 32 times
                Source: C:\Users\user\Desktop\venomderek.exeCode function: String function: 000002733BE25330 appears 70 times
                Source: C:\Users\user\Desktop\venomderek.exeCode function: String function: 000002733BE14C00 appears 41 times
                Source: C:\Users\user\Desktop\venomderek.exeCode function: String function: 00007FF626BF51F0 appears 69 times
                Source: classification engineClassification label: mal100.troj.spyw.winEXE@1/0@1/2
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE65970 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,0_2_000002733BE65970
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BEB2008 AdjustTokenPrivileges,CredEnumerateA,0_2_000002733BEB2008
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE1C8C0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_000002733BE1C8C0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE4F1B5 CoCreateInstance,0_2_000002733BE4F1B5
                Source: C:\Users\user\Desktop\venomderek.exeMutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E696346D1D357
                Source: venomderek.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\venomderek.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: venomderek.exeReversingLabs: Detection: 44%
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: rstrtmgr.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: venomderek.exeStatic PE information: Image base 0x140000000 > 0x60000000
                Source: venomderek.exeStatic file information: File size 3341824 > 1048576
                Source: venomderek.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x2bd800
                Source: venomderek.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: venomderek.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: venomderek.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: venomderek.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: venomderek.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: venomderek.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: venomderek.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: venomderek.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: venomderek.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: venomderek.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: venomderek.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: venomderek.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: venomderek.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE1B820 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_000002733BE1B820
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE5E89C push rbx; iretd 0_2_000002733BE5E89D
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE5E874 push rbx; iretd 0_2_000002733BE5E875
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C1D8A1 push rdi; ret 0_2_00007FF626C1D8A5
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C1D2C0 push rcx; iretd 0_2_00007FF626C1D2C1
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C1DB8C push rdi; ret 0_2_00007FF626C1DB90
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C1DB93 push rcx; iretd 0_2_00007FF626C1DB94
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE56480 ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,0_2_000002733BE56480
                Source: C:\Users\user\Desktop\venomderek.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE99810 FindClose,FindFirstFileExW,GetLastError,0_2_000002733BE99810
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE998C0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_000002733BE998C0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE613B0 GetLogicalDriveStringsW,0_2_000002733BE613B0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE77348 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,0_2_000002733BE77348
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: D:\sources\migration\Jump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: D:\sources\migration\wtr\Jump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior
                Source: venomderek.exe, 00000000.00000003.1696909206.000002733A435000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000002.1928982571.000002733A3F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWu
                Source: venomderek.exe, 00000000.00000003.1696909206.000002733A435000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000002.1928982571.000002733A3F9000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000002.1929160781.000002733BCAE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: C:\Users\user\Desktop\venomderek.exeAPI call chain: ExitProcess graph end nodegraph_0-94876
                Source: C:\Users\user\Desktop\venomderek.exeAPI call chain: ExitProcess graph end nodegraph_0-94882
                Source: C:\Users\user\Desktop\venomderek.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE643F0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,0_2_000002733BE643F0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BEB22C8 IsDebuggerPresent,0_2_000002733BEB22C8
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE9BB14 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_000002733BE9BB14
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE1B820 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_000002733BE1B820
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE87F00 GetProcessHeap,0_2_000002733BE87F00
                Source: C:\Users\user\Desktop\venomderek.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BEB22D8 SetUnhandledExceptionFilter,0_2_000002733BEB22D8
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE6F920 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_000002733BE6F920
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C21E68 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF626C21E68
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C35AC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF626C35AC0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE551E0 ShellExecuteW,0_2_000002733BE551E0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_00007FF626C29AA0 cpuid 0_2_00007FF626C29AA0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_000002733BE86F14
                Source: C:\Users\user\Desktop\venomderek.exeCode function: EnumSystemLocalesW,0_2_000002733BE7BC68
                Source: C:\Users\user\Desktop\venomderek.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_000002733BE873D8
                Source: C:\Users\user\Desktop\venomderek.exeCode function: GetLocaleInfoW,0_2_000002733BEB2398
                Source: C:\Users\user\Desktop\venomderek.exeCode function: EnumSystemLocalesW,0_2_000002733BE87340
                Source: C:\Users\user\Desktop\venomderek.exeCode function: EnumSystemLocalesW,0_2_000002733BE87270
                Source: C:\Users\user\Desktop\venomderek.exeCode function: GetLocaleInfoW,0_2_000002733BE7C1A8
                Source: C:\Users\user\Desktop\venomderek.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_000002733BE87778
                Source: C:\Users\user\Desktop\venomderek.exeCode function: GetLocaleInfoW,0_2_000002733BE87620
                Source: C:\Users\user\Desktop\venomderek.exeCode function: GetLocaleInfoEx,FormatMessageA,0_2_000002733BE99480
                Source: C:\Users\user\Desktop\venomderek.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_000002733BE8795C
                Source: C:\Users\user\Desktop\venomderek.exeCode function: GetLocaleInfoW,0_2_000002733BE87828
                Source: C:\Users\user\Desktop\venomderek.exeCode function: GetLocaleInfoW,0_2_00007FF626C2D758
                Source: C:\Users\user\Desktop\venomderek.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF626C2D88C
                Source: C:\Users\user\Desktop\venomderek.exeCode function: GetLocaleInfoW,0_2_00007FF626C2D550
                Source: C:\Users\user\Desktop\venomderek.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF626C2D6A8
                Source: C:\Users\user\Desktop\venomderek.exeCode function: GetLocaleInfoW,0_2_00007FF626C291E0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: EnumSystemLocalesW,0_2_00007FF626C2D1A0
                Source: C:\Users\user\Desktop\venomderek.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF626C2D308
                Source: C:\Users\user\Desktop\venomderek.exeCode function: EnumSystemLocalesW,0_2_00007FF626C2D270
                Source: C:\Users\user\Desktop\venomderek.exeCode function: EnumSystemLocalesW,0_2_00007FF626C28E4C
                Source: C:\Users\user\Desktop\venomderek.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00007FF626C2CE44
                Source: C:\Users\user\Desktop\venomderek.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyNameJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE8DC18 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_000002733BE8DC18
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE60110 GetUserNameW,0_2_000002733BE60110
                Source: C:\Users\user\Desktop\venomderek.exeCode function: 0_2_000002733BE8114C _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_000002733BE8114C

                Stealing of Sensitive Information

                barindex
                Yara detected CredGrabber
                Source: Yara matchFile source: Process Memory Space: venomderek.exe PID: 4960, type: MEMORYSTR
                Yara detected Meduza Stealer
                Source: Yara matchFile source: 0.2.venomderek.exe.2733bde0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.venomderek.exe.2733bde0000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.1929160781.000002733BC90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: venomderek.exe PID: 4960, type: MEMORYSTR
                Found many strings related to Crypto-Wallets (likely being stolen)
                Source: venomderek.exe, 00000000.00000002.1929160781.000002733BC90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Electrum\wallets
                Source: venomderek.exe, 00000000.00000002.1929160781.000002733BC90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ElectronCash\config
                Source: venomderek.exe, 00000000.00000003.1699713651.000002733A495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ny1aaXAgMjMuMDEgKHg2NCkgWzIzLjAxXQpNb3ppbGxhIEZpcmVmb3ggKHg2NCBlbi1VUykgWzExOC4wLjFdCk1vemlsbGEgTWFpbnRlbmFuY2UgU2VydmljZSBbMTE4LjAuMV0KTWljcm9zb2Z0IE9mZmljZSBQcm9mZXNzaW9uYWwgUGx1cyAyMDE5IC0gZW4tdXMgWzE2LjAuMTY4MjcuMjAxMzBdCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMjIgWDY0IEFkZGl0aW9uYWwgUnVudGltZSAtIDE0LjM2LjMyNTMyIFsxNC4zNi4zMjUzMl0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBMaWNlbnNpbmcgQ29tcG9uZW50IFsxNi4wLjE2ODI3LjIwMTMwXQpPZmZpY2UgMTYgQ2xpY2stdG8tUnVuIEV4dGVuc2liaWxpdHkgQ29tcG9uZW50IDY0LWJpdCBSZWdpc3RyYXRpb24gWzE2LjAuMTY4MjcuMjAwNTZdCkFkb2JlIEFjcm9iYXQgKDY0LWJpdCkgWzIzLjAwNi4yMDMyMF0KTWljcm9zb2Z0IFZpc3VhbCBDKysgMjAyMiBYNjQgTWluaW11bSBSdW50aW1lIC0gMTQuMzYuMzI1MzIgWzE0LjM2LjMyNTMyXQpHb29nbGUgQ2hyb21lIFsxMTcuMC41OTM4LjEzMl0KTWljcm9zb2Z0IEVkZ2UgWzExNy4wLjIwNDUuNDddCk1pY3Jvc29mdCBFZGdlIFVwZGF0ZSBbMS4zLjE3Ny4xMV0KTWljcm9zb2Z0IEVkZ2UgV2ViVmlldzIgUnVudGltZSBbMTE3LjAuMjA0NS40N10KSmF2YSBBdXRvIFVwZGF0ZXIgWzIuOC4zODEuOV0KSmF2YSA4IFVwZGF0ZSAzODEgWzguMC4zODEwLjldCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMTUtMjAyMiBSZWRpc3RyaWJ1dGFibGUgKHg2NCkgLSAxNC4zNi4zMjUzMiBbMTQuMzYuMzI1MzIuMF0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBFeHRlbnNpYmlsaXR5IENvbXBvbmVudCBbMTYuMC4xNjgyNy4yMDEzMF0K
                Source: venomderek.exe, 00000000.00000003.1708776603.000002733A472000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallets\
                Source: venomderek.exe, 00000000.00000003.1708776603.000002733A472000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystoreofilesh5
                Source: venomderek.exe, 00000000.00000002.1929160781.000002733BC90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Exodus\exodus.wallet
                Source: venomderek.exe, 00000000.00000003.1708776603.000002733A472000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\Local Storage\leveldbks
                Source: venomderek.exe, 00000000.00000002.1929160781.000002733BC90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
                Source: venomderek.exe, 00000000.00000003.1708776603.000002733A472000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsF:s
                Source: venomderek.exe, 00000000.00000003.1708776603.000002733A472000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*85
                Source: venomderek.exe, 00000000.00000002.1929160781.000002733BC90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
                Tries to harvest and steal Bitcoin Wallet information
                Source: C:\Users\user\Desktop\venomderek.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.logJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCKJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENTJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOGJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001Jump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
                Source: C:\Users\user\Desktop\venomderek.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Users\user\Desktop\venomderek.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: Yara matchFile source: Process Memory Space: venomderek.exe PID: 4960, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Yara detected CredGrabber
                Source: Yara matchFile source: Process Memory Space: venomderek.exe PID: 4960, type: MEMORYSTR
                Yara detected Meduza Stealer
                Source: Yara matchFile source: 0.2.venomderek.exe.2733bde0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.venomderek.exe.2733bde0000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.1929160781.000002733BC90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: venomderek.exe PID: 4960, type: MEMORYSTR

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                Native API                		1
                DLL Side-Loading                		1
                Exploitation for Privilege Escalation                		1
                Access Token Manipulation                		1
                OS Credential Dumping                		12
                System Time Discovery                		Remote Services1
                Screen Capture                		21
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                Access Token Manipulation                		1
                Deobfuscate/Decode Files or Information                		LSASS Memory1
                Query Registry                		Remote Desktop Protocol1
                Email Collection                		1
                Non-Standard Port                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                DLL Side-Loading                		2
                Obfuscated Files or Information                		Security Account Manager31
                Security Software Discovery                		SMB/Windows Admin Shares1
                Archive Collected Data                		2
                Ingress Tool Transfer                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                DLL Side-Loading                		NTDS2
                Process Discovery                		Distributed Component Object Model2
                Data from Local System                		2
                Non-Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
                Account Discovery                		SSHKeylogging3
                Application Layer Protocol                		Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials1
                System Owner/User Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync1
                System Network Configuration Discovery                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem3
                File and Directory Discovery                		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow34
                System Information Discovery                		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                venomderek.exe45%ReversingLabsWin64.Trojan.CrypterX

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                https://api.ipify.orgP0%Avira URL Cloudsafe
                https://support.mic0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                api.ipify.org
                		104.26.13.205
                		truefalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://api.ipify.org/false
                    		high

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://duckduckgo.com/chrome_newtabvenomderek.exe, 00000000.00000003.1697981552.000002733BD3B000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698368383.000002733BD3B000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFvenomderek.exe, 00000000.00000003.1705089454.000002733D72B000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://duckduckgo.com/ac/?q=venomderek.exe, 00000000.00000003.1697981552.000002733BD3B000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698368383.000002733BD3B000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgvenomderek.exe, 00000000.00000003.1708499666.000002733A497000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1708776603.000002733A442000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://www.google.com/images/branding/product/ico/googleg_lodp.icovenomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.venomderek.exe, 00000000.00000003.1708499666.000002733A497000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1708776603.000002733A442000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=venomderek.exe, 00000000.00000003.1697981552.000002733BD3B000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698368383.000002733BD3B000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctavenomderek.exe, 00000000.00000003.1708874852.000002733A4CE000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1708776603.000002733A442000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=venomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016venomderek.exe, 00000000.00000003.1698833746.000002733CAA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17venomderek.exe, 00000000.00000003.1698833746.000002733CAA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://support.micvenomderek.exe, 00000000.00000003.1699663954.000002733A4A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.ecosia.org/newtab/venomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brvenomderek.exe, 00000000.00000003.1705089454.000002733D72B000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://ac.ecosia.org/autocomplete?q=venomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgvenomderek.exe, 00000000.00000003.1708874852.000002733A4CE000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1708776603.000002733A442000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYivenomderek.exe, 00000000.00000003.1708776603.000002733A442000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Installvenomderek.exe, 00000000.00000003.1698680563.000002733BD6A000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698833746.000002733CA83000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698680563.000002733BD43000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchvenomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://api.ipify.orgPvenomderek.exe, 00000000.00000002.1929160781.000002733BC90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://support.mozilla.orgvenomderek.exe, 00000000.00000003.1702024780.000002733CB12000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1704041029.000002733D2CB000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1702093954.000002733BD89000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701297813.000002733C008000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1702093954.000002733BD71000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1702773771.000002733C11C000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701297813.000002733C000000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1702024780.000002733CB0A000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701297813.000002733C0C0000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701725872.000002733C114000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1701725872.000002733C0C8000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1702093954.000002733BD81000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examplesvenomderek.exe, 00000000.00000003.1698680563.000002733BD6A000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698833746.000002733CA83000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1698680563.000002733BD43000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://ns.microsoft.t/Regivenomderek.exe, 00000000.00000003.1696145546.000002733C1F1000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1928555875.000002733C200000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1928527130.000002733C200000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1928612447.000002733C204000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=venomderek.exe, 00000000.00000003.1698368383.000002733BD54000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94venomderek.exe, 00000000.00000003.1708874852.000002733A4CE000.00000004.00000020.00020000.00000000.sdmp, venomderek.exe, 00000000.00000003.1708776603.000002733A442000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high

                                                                  World Map of Contacted IPs

                                                                  • No. of IPs < 25%
                                                                  • 25% < No. of IPs < 50%
                                                                  • 50% < No. of IPs < 75%
                                                                  • 75% < No. of IPs

                                                                  Public IPs

                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                  104.26.13.205
                                                                  		api.ipify.orgUnited States
                                                                  		13335CLOUDFLARENETUSfalse
                                                                  45.130.145.152
                                                                  		unknownRussian Federation
                                                                  		49392ASBAXETNRUtrue

                                                                  General Information

                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                  Analysis ID:1568493
                                                                  Start date and time:2024-12-04 17:08:32 +01:00
                                                                  Joe Sandbox product:CloudBasic
                                                                  Overall analysis duration:0h 4m 6s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                  Number of analysed new started processes analysed:4
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:0
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Sample name:venomderek.exe
                                                                  Detection:MAL
                                                                  Classification:mal100.troj.spyw.winEXE@1/0@1/2
                                                                  EGA Information:
                                                                  • Successful, ratio: 100%
                                                                  HCA Information:
                                                                  • Successful, ratio: 99%
                                                                  • Number of executed functions: 100
                                                                  • Number of non-executed functions: 123
                                                                  Cookbook Comments:
                                                                  • Found application associated with file extension: .exe
                                                                  • Stop behavior analysis, all processes terminated

                                                                  Warnings

                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                  • Report size exceeded maximum capacity and may have missing network information.
                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                  • VT rate limit hit for: venomderek.exe

                                                                  Simulations

                                                                  Behavior and APIs

                                                                  No simulations

                                                                  Joe Sandbox View / Context

                                                                  IPs

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  104.26.13.2052b7cu0KwZl.exeGet hashmaliciousUnknownBrowse
                                                                  • api.ipify.org/
                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                  • api.ipify.org/
                                                                  file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                  • api.ipify.org/
                                                                  file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                  • api.ipify.org/
                                                                  file.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                  • api.ipify.org/
                                                                  Prismifyr-Install.exeGet hashmaliciousNode StealerBrowse
                                                                  • api.ipify.org/
                                                                  file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                  • api.ipify.org/
                                                                  file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, VidarBrowse
                                                                  • api.ipify.org/
                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                  • api.ipify.org/
                                                                  file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, Stealc, VidarBrowse
                                                                  • api.ipify.org/
                                                                  45.130.145.152siveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                    unique.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                      siveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                        chelentano.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                          9RM52QaURq.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                            HZ1BUCfTne.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                              9RM52QaURq.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                bv2DbIiZeK.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                  brozer.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                    YU7jHNMJjG.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse

                                                                                      Domains

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                      api.ipify.orgDocumenti di spedizione.bat.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                      • 104.26.13.205
                                                                                      Order NO 000293988494948595850000595995000.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                      • 104.26.12.205
                                                                                      Employee_Bonus_Notlce.pdfGet hashmaliciousUnknownBrowse
                                                                                      • 172.67.74.152
                                                                                      Employee_Important_Message.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                      • 104.26.12.205
                                                                                      v58HgfB8Af.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 104.26.13.205
                                                                                      zwW6sDt6hU.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                      • 104.26.12.205
                                                                                      e7lGwhCp7r.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 104.26.12.205
                                                                                      Svku9pKypu.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                      • 104.26.12.205
                                                                                      pR65xo6sud.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                      • 104.26.12.205
                                                                                      uLFOeGZaJS.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 172.67.74.152

                                                                                      ASNs

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                      CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                      • 104.21.3.89
                                                                                      nbjekadkthgawd.exeGet hashmaliciousLummaC StealerBrowse
                                                                                      • 172.67.165.166
                                                                                      fukjsefsdfh.exeGet hashmaliciousLummaC StealerBrowse
                                                                                      • 104.21.82.174
                                                                                      file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                      • 172.67.165.166
                                                                                      17333253674c71ac3d5875ca830e11f4630bf65d3b8b7e2686361e216df980d330c80afb30623.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                      • 162.159.61.3
                                                                                      downloader2.htaGet hashmaliciousXWormBrowse
                                                                                      • 104.21.80.1
                                                                                      1733325245efb540ba670bc87cda05695e7839c909eeca3e1633b495d258461820ead14a47442.dat-decoded.exeGet hashmaliciousUnknownBrowse
                                                                                      • 172.67.211.47
                                                                                      https://larester.es/rhude/Odrivex/Get hashmaliciousUnknownBrowse
                                                                                      • 104.16.124.96
                                                                                      file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                      • 188.114.97.6
                                                                                      rOJS25YL2e.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                      • 104.21.67.152
                                                                                      ASBAXETNRUbotnet.sh4.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                      • 212.196.108.28
                                                                                      mips.elfGet hashmaliciousUnknownBrowse
                                                                                      • 212.192.15.158
                                                                                      ppc.elfGet hashmaliciousUnknownBrowse
                                                                                      • 212.192.15.158
                                                                                      hmips.elfGet hashmaliciousUnknownBrowse
                                                                                      • 212.192.15.158
                                                                                      siveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                      • 45.130.145.152
                                                                                      unique.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                      • 45.130.145.152
                                                                                      siveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                      • 45.130.145.152
                                                                                      1732748284fd56a2da13edf4ae4b865c44fa6834581d27eb2edbfe3fc50ef131cb95db5639506.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                      • 45.135.232.38
                                                                                      mips.elfGet hashmaliciousUnknownBrowse
                                                                                      • 212.192.15.158
                                                                                      chelentano.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                      • 45.130.145.152

                                                                                      JA3 Fingerprints

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                      37f463bf4616ecd445d4a1937da06e19Ttok18.exeGet hashmaliciousVidarBrowse
                                                                                      • 104.26.13.205
                                                                                      jtkhikadjthsad.exeGet hashmaliciousVidarBrowse
                                                                                      • 104.26.13.205
                                                                                      file.exeGet hashmaliciousVidarBrowse
                                                                                      • 104.26.13.205
                                                                                      1733325245efb540ba670bc87cda05695e7839c909eeca3e1633b495d258461820ead14a47442.dat-decoded.exeGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.13.205
                                                                                      FwhEhTLFjX.lnkGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.13.205
                                                                                      7oE3oHSo29.lnkGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.13.205
                                                                                      zLL6hlzpzh.lnkGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.13.205
                                                                                      RcF6bkWVZQ.lnkGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.13.205
                                                                                      3FHcnOdHz2.lnkGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.13.205
                                                                                      N6qmjsVv1D.lnkGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.13.205

                                                                                      Dropped Files

                                                                                      No context

                                                                                      Created / dropped Files

                                                                                      No created / dropped files found

                                                                                      Static File Info

                                                                                      General

                                                                                      File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                      Entropy (8bit):4.216644182067662
                                                                                      TrID:
                                                                                      • Win64 Executable GUI (202006/5) 92.65%
                                                                                      • Win64 Executable (generic) (12005/4) 5.51%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                      • DOS Executable Generic (2002/1) 0.92%
                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                      File name:venomderek.exe
                                                                                      File size:3'341'824 bytes
                                                                                      MD5:8c1a3371880670ae29eb22eec13df95e
                                                                                      SHA1:642e25d5a8a9e52ae970d3cc1f41388d4468259a
                                                                                      SHA256:39e4e2d97af7b2be0aa8806afbc4d4766bc057264f556733b392ffb766174dce
                                                                                      SHA512:8e7b06b4dbe4277390d504a628ada5ff65261408352c9ea66ebcec5f3afd7a7ed7cb2106cec632870d6a7945e96b44818585c21659dc4d6562d473b3e73367a1
                                                                                      SSDEEP:24576:S/frmzI7lsX7Rh7lmXh0lhSMXlWuyuLNMkda9L9kKVHnwWt:KfrmzI7OXBGuyuza9n
                                                                                      TLSH:F4F5AD6BEE4064F2D874D13488A3076BBA767481C37183C75A98672A5F527E43F3AF84
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N..f...5...5...5.x.4...5.x.4...5.x.4V..5A..4...5A..4...5A..4...52|.4$..52|.4...5By.4...5A..4...5...5...5Ay.4...5AyH5...5Ay.4...

                                                                                      File Icon

                                                                                      Icon Hash:90cececece8e8eb0

                                                                                      Static PE Info

                                                                                      General

                                                                                      Entrypoint:0x140055a30
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x140000000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                      Time Stamp:0x67451F50 [Tue Nov 26 01:07:28 2024 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:6
                                                                                      OS Version Minor:0
                                                                                      File Version Major:6
                                                                                      File Version Minor:0
                                                                                      Subsystem Version Major:6
                                                                                      Subsystem Version Minor:0
                                                                                      Import Hash:de1751741e7d5e07ce98493d3f0130fc

                                                                                      Entrypoint Preview

                                                                                      Instruction
                                                                                      dec eax
                                                                                      sub esp, 28h
                                                                                      call 00007F66F0D8CD3Ch
                                                                                      dec eax
                                                                                      add esp, 28h
                                                                                      jmp 00007F66F0D8C0BFh
                                                                                      int3
                                                                                      int3
                                                                                      dec eax
                                                                                      sub esp, 28h
                                                                                      dec ebp
                                                                                      mov eax, dword ptr [ecx+38h]
                                                                                      dec eax
                                                                                      mov ecx, edx
                                                                                      dec ecx
                                                                                      mov edx, ecx
                                                                                      call 00007F66F0D8C252h
                                                                                      mov eax, 00000001h
                                                                                      dec eax
                                                                                      add esp, 28h
                                                                                      ret
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      inc eax
                                                                                      push ebx
                                                                                      inc ebp
                                                                                      mov ebx, dword ptr [eax]
                                                                                      dec eax
                                                                                      mov ebx, edx
                                                                                      inc ecx
                                                                                      and ebx, FFFFFFF8h
                                                                                      dec esp
                                                                                      mov ecx, ecx
                                                                                      inc ecx
                                                                                      test byte ptr [eax], 00000004h
                                                                                      dec esp
                                                                                      mov edx, ecx
                                                                                      je 00007F66F0D8C255h
                                                                                      inc ecx
                                                                                      mov eax, dword ptr [eax+08h]
                                                                                      dec ebp
                                                                                      arpl word ptr [eax+04h], dx
                                                                                      neg eax
                                                                                      dec esp
                                                                                      add edx, ecx
                                                                                      dec eax
                                                                                      arpl ax, cx
                                                                                      dec esp
                                                                                      and edx, ecx
                                                                                      dec ecx
                                                                                      arpl bx, ax
                                                                                      dec edx
                                                                                      mov edx, dword ptr [eax+edx]
                                                                                      dec eax
                                                                                      mov eax, dword ptr [ebx+10h]
                                                                                      mov ecx, dword ptr [eax+08h]
                                                                                      dec eax
                                                                                      mov eax, dword ptr [ebx+08h]
                                                                                      test byte ptr [ecx+eax+03h], 0000000Fh
                                                                                      je 00007F66F0D8C24Dh
                                                                                      movzx eax, byte ptr [ecx+eax+03h]
                                                                                      and eax, FFFFFFF0h
                                                                                      dec esp
                                                                                      add ecx, eax
                                                                                      dec esp
                                                                                      xor ecx, edx
                                                                                      dec ecx
                                                                                      mov ecx, ecx
                                                                                      pop ebx
                                                                                      jmp 00007F66F0D8BC86h
                                                                                      int3
                                                                                      inc eax
                                                                                      push ebx
                                                                                      dec eax
                                                                                      sub esp, 20h
                                                                                      dec eax
                                                                                      mov ebx, ecx
                                                                                      xor ecx, ecx
                                                                                      call dword ptr [0001563Fh]
                                                                                      dec eax
                                                                                      mov ecx, ebx
                                                                                      call dword ptr [0001562Eh]
                                                                                      call dword ptr [000155B0h]
                                                                                      dec eax
                                                                                      mov ecx, eax
                                                                                      mov edx, C0000409h
                                                                                      dec eax
                                                                                      add esp, 20h
                                                                                      pop ebx
                                                                                      dec eax
                                                                                      jmp dword ptr [00015624h]
                                                                                      dec eax
                                                                                      mov dword ptr [esp+00h], ecx

                                                                                      Data Directories

                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x327b9c0x64.rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x3320000x1e0.rsrc
                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x32c0000x57e4.pdata
                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x3330000x1d38.reloc
                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x320ef00x38.rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x3211000x28.rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x320db00x140.rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x6b0000x330.rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                      Sections

                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                      .text0x10000x692f00x69400201d673c76ad9fae647f8cd6a278e333False0.4342200489904988data6.181155425260236IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                      .rdata0x6b0000x2bd6960x2bd8006599172dd241f7d115afebbfecce8712unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                      .data0x3290000x2f1c0x16008e0cf2168d43982c322bc34eed94de2bFalse0.18980823863636365data3.2059756111359152IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                      .pdata0x32c0000x57e40x58004c0d14150dd6a4ac35b35408d7a8233dFalse0.47767223011363635data5.711183919097264IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                      .rsrc0x3320000x1e00x2000c1ab865bc43ec75ebd479502575ccefFalse0.525390625data4.700456763479242IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                      .reloc0x3330000x1d380x1e003d9cd06dc9d02c11c130514ad02ec0c5False0.6712239583333334data6.471011674882192IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                      Resources

                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                      RT_MANIFEST0x3320600x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                                                                                      Imports

                                                                                      DLLImport
                                                                                      ntdll.dllRtlImageDirectoryEntryToData, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlCompareMemory, NtProtectVirtualMemory, RtlImageNtHeader, NtQueryVirtualMemory, RtlGetNtVersionNumbers
                                                                                      KERNEL32.dllGetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, FindNextFileW, FindFirstFileExW, FindClose, VirtualFree, VirtualAlloc, GetModuleHandleW, LoadLibraryA, ReadFile, WriteFile, CreateFileW, CloseHandle, GetProcAddress, GetCurrentProcess, VirtualQuery, EnterCriticalSection, GetModuleFileNameW, LeaveCriticalSection, MultiByteToWideChar, ExitProcess, WideCharToMultiByte, GetLastError, DeleteCriticalSection, SetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetSystemTimeAsFileTime, HeapAlloc, HeapFree, GetCurrentThreadId, GetStdHandle, GetFileType, FreeEnvironmentStringsW, RaiseException, HeapReAlloc, HeapSize, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, InitializeCriticalSectionAndSpinCount, FreeLibrary, LoadLibraryExW, LCMapStringW, GetLocaleInfoW, IsValidLocale, EnumSystemLocalesW, GetCPInfo, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetModuleHandleExW, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, GetProcessHeap, SetStdHandle, ReadConsoleW, FlushFileBuffers, WriteConsoleW, QueryPerformanceCounter, GetCurrentProcessId, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, RtlUnwind, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetUserDefaultLCID, InitializeCriticalSectionEx, DecodePointer, LCMapStringEx
                                                                                      USER32.dllLoadAcceleratorsA, LoadAcceleratorsW
                                                                                      ADVAPI32.dllGetTokenInformation, OpenProcessToken

                                                                                      Possible Origin

                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                      EnglishUnited States

                                                                                      Network Behavior

                                                                                      Suricata IDS Alerts

                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                      2024-12-04T17:09:29.817533+01002049441ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt1192.168.2.44973045.130.145.15215666TCP
                                                                                      2024-12-04T17:09:29.817533+01002050806ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M21192.168.2.44973045.130.145.15215666TCP
                                                                                      2024-12-04T17:09:29.817533+01002050807ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)1192.168.2.44973045.130.145.15215666TCP
                                                                                      2024-12-04T17:09:29.938186+01002050806ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M21192.168.2.44973045.130.145.15215666TCP
                                                                                      2024-12-04T17:09:29.938186+01002050807ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)1192.168.2.44973045.130.145.15215666TCP

                                                                                      Network Port Distribution

                                                                                      TCP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      Dec 4, 2024 17:09:23.638418913 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:23.758595943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:23.758871078 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:23.959229946 CET49731443192.168.2.4104.26.13.205
                                                                                      Dec 4, 2024 17:09:23.959294081 CET44349731104.26.13.205192.168.2.4
                                                                                      Dec 4, 2024 17:09:23.959361076 CET49731443192.168.2.4104.26.13.205
                                                                                      Dec 4, 2024 17:09:23.969393969 CET49731443192.168.2.4104.26.13.205
                                                                                      Dec 4, 2024 17:09:23.969432116 CET44349731104.26.13.205192.168.2.4
                                                                                      Dec 4, 2024 17:09:25.209085941 CET44349731104.26.13.205192.168.2.4
                                                                                      Dec 4, 2024 17:09:25.209306002 CET49731443192.168.2.4104.26.13.205
                                                                                      Dec 4, 2024 17:09:25.507194042 CET49731443192.168.2.4104.26.13.205
                                                                                      Dec 4, 2024 17:09:25.507230043 CET44349731104.26.13.205192.168.2.4
                                                                                      Dec 4, 2024 17:09:25.507594109 CET44349731104.26.13.205192.168.2.4
                                                                                      Dec 4, 2024 17:09:25.507666111 CET49731443192.168.2.4104.26.13.205
                                                                                      Dec 4, 2024 17:09:25.517707109 CET49731443192.168.2.4104.26.13.205
                                                                                      Dec 4, 2024 17:09:25.559329033 CET44349731104.26.13.205192.168.2.4
                                                                                      Dec 4, 2024 17:09:25.850214958 CET44349731104.26.13.205192.168.2.4
                                                                                      Dec 4, 2024 17:09:25.850274086 CET44349731104.26.13.205192.168.2.4
                                                                                      Dec 4, 2024 17:09:25.850332975 CET49731443192.168.2.4104.26.13.205
                                                                                      Dec 4, 2024 17:09:25.850399017 CET49731443192.168.2.4104.26.13.205
                                                                                      Dec 4, 2024 17:09:25.850790024 CET49731443192.168.2.4104.26.13.205
                                                                                      Dec 4, 2024 17:09:25.850805998 CET44349731104.26.13.205192.168.2.4
                                                                                      Dec 4, 2024 17:09:29.817533016 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:29.938066006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:29.938088894 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:29.938100100 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:29.938139915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:29.938185930 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:29.938191891 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:29.938203096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:29.938206911 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:29.938210964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:29.938218117 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:29.938226938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:29.938246012 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:29.938287020 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:29.938415051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:29.938468933 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.060913086 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.060928106 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.060945988 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.060955048 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.061017036 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.061219931 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.061249971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.061268091 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.061391115 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.061966896 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.062417030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.062524080 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.188072920 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.188124895 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.188167095 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.188239098 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.188251019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.188266039 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.188322067 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.188328028 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.190726042 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.384722948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.384983063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.429171085 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.429306030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.429323912 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.429420948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.429512024 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.429522038 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.429526091 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.429567099 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.429569006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.429579020 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.429624081 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.429625988 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.429635048 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.429682970 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.429725885 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.429765940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.429815054 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.429828882 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.429924011 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.429980040 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.429980993 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.429989100 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430038929 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.430124044 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430133104 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430161953 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430183887 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.430186987 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430208921 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.430231094 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.430252075 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430260897 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430293083 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430315971 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.430341959 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430351973 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.430393934 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.430444956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430454016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430495977 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430501938 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.430504084 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430541992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430546999 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.430598021 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.430604935 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430634975 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430685043 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.430692911 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430701971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430747032 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.430768967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430778980 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430825949 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.430865049 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430891037 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.430948019 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.431006908 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.431041956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.431092978 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.431126118 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.434726954 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.505036116 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.505058050 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.505109072 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.505145073 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.549675941 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.549700975 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.549710989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.549736023 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.549761057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.549791098 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.549809933 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.549858093 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.549882889 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.549901962 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.549930096 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.549995899 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550007105 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550064087 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550065041 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550100088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550108910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550147057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550148964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550193071 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550201893 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550244093 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550259113 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550275087 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550299883 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550311089 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550401926 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550455093 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550476074 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550486088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550518990 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550534010 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550539017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550545931 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550580025 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550604105 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550649881 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550669909 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550693989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550715923 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550739050 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550806999 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550816059 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550856113 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550872087 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550919056 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550925970 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550941944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.550972939 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.550992012 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.624757051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.624846935 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.669398069 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.669418097 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.669503927 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.669512987 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.669548988 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.669568062 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.669617891 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.669665098 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.669698954 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.669720888 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.669740915 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.669990063 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670000076 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670047045 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.670090914 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670118093 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670142889 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.670160055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.670217991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670227051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670278072 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.670308113 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670356989 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.670397043 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670406103 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670413971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670448065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670459986 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.670469046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670469999 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.670502901 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.670516968 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.670553923 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670572042 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670603991 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.670615911 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.670648098 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670672894 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670702934 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.670723915 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.670763969 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670793056 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670828104 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.670839071 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.670923948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670943022 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.670975924 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.670984983 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.671040058 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.671092033 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.671107054 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.671123981 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.671159029 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.671180964 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.671209097 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.671217918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.671225071 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.671261072 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.671272039 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.744690895 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.744709015 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.744824886 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.789427996 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.789448023 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.789462090 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.789470911 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.789545059 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.789556980 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.789565086 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.789575100 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.789622068 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.789622068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.789633036 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.789652109 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.789681911 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.789742947 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.789793968 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.789886951 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.789935112 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.790009022 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790030003 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790039062 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790066004 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.790083885 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790087938 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.790143967 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.790154934 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790179014 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790205002 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.790225983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790229082 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.790271044 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.790322065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790368080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790373087 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.790384054 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790436983 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.790462017 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790471077 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790518045 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.790572882 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790581942 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790610075 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790627956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790630102 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.790658951 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.790673018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.790721893 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790731907 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790766954 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790775061 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790776968 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.790818930 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.790899992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.790952921 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.864653111 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.864715099 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.909115076 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.909132004 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.909162045 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.909209013 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.909271002 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.909315109 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.909442902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.909459114 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.909476042 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.909495115 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.909518003 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.909524918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.909569979 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.909596920 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.909606934 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.909646988 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.909740925 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.909750938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.909780979 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.909789085 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.909801006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.909828901 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.909857035 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.909970999 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.909997940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910015106 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.910042048 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.910108089 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910118103 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910161018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.910212040 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910259962 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.910263062 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910307884 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.910334110 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910368919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910379887 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.910412073 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.910521030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910530090 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910542011 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910578966 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.910592079 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.910593033 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910618067 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910629988 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.910660982 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.910686016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910712004 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910729885 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.910758018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.910819054 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910828114 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910866022 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.910928965 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910964012 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.910972118 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.911011934 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.911039114 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.911087036 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.911102057 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.911145926 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:30.984488010 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:30.984594107 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.029632092 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.029674053 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.029726982 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.029731989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.029758930 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.029767990 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.029783964 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.029787064 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.029814005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.029820919 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.029830933 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.029841900 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.029867887 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.029877901 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.029895067 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.029926062 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.029939890 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.029947996 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.029973984 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.029997110 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030021906 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030023098 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030049086 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030092955 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030097008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030123949 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030149937 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030177116 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030185938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030213118 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030241013 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030267000 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030278921 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030304909 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030329943 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030354977 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030406952 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030435085 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030459881 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030466080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030491114 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030493975 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030517101 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030549049 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030571938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030601025 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030622005 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030632973 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030648947 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030659914 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030694962 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030731916 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030757904 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030785084 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030817986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030821085 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030843019 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030864954 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030867100 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030910015 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.030915976 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.030963898 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.031001091 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.031028032 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.031055927 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.031075001 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.031081915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.031133890 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.104990005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.105134964 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.149410009 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.149441004 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.149518967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.149538040 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.149548054 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.149583101 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.149600983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.149607897 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.149636984 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.149653912 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.149697065 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.149769068 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.149826050 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.149863958 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.149916887 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.150038004 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.150069952 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.150091887 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.150129080 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.150233984 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.150274992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.150288105 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.150331974 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.150485039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.150512934 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.150538921 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.150554895 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.150609970 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.150654078 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.150717020 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.150748014 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.150779009 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.150793076 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.150835991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.150886059 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.150985956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151012897 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151034117 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151057959 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151060104 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151108027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151118994 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151134968 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151160002 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151184082 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151197910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151211977 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151237011 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151259899 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151261091 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151288033 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151315928 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151339054 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151351929 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151393890 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151403904 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151421070 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151446104 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151463032 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151479959 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151515007 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151523113 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151542902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151568890 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151577950 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151596069 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151606083 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151623011 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151623011 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151653051 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151654959 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.151683092 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.151715040 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.225008011 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.225306034 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269154072 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269185066 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269221067 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269244909 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269285917 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269314051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269340992 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269340992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269367933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269371033 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269395113 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269402027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269428968 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269435883 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269454002 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269455910 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269478083 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269512892 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269519091 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269567966 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269578934 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269613981 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269625902 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269640923 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269673109 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269711971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269716978 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269740105 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269769907 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269771099 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269792080 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269798040 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269824982 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269828081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269850016 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269876003 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.269882917 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269927025 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.269998074 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270052910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270061970 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270118952 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270143986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270172119 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270198107 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270219088 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270230055 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270256996 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270286083 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270287991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270306110 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270335913 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270339012 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270385981 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270426989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270473957 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270492077 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270507097 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270535946 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270559072 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270570040 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270617008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270625114 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270643950 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270670891 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270693064 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270699024 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270720005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270744085 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270767927 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270823002 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270876884 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.270941019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270972013 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.270997047 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.271018982 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.345067978 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.345179081 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.391271114 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.391349077 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.391380072 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.391407967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.391438007 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.391458988 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.391462088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.391513109 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.391534090 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.391540051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.391556978 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.391566038 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.391592026 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.391597986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.391611099 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.391623020 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.391644001 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.391670942 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.391704082 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.391731024 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.391750097 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.391772985 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.391793013 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.391819954 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.391844034 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.391869068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.391932011 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.391963005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.391987085 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392031908 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.392059088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.392072916 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392091036 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.392093897 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392119884 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.392142057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392174959 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392222881 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.392265081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.392273903 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392297983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.392312050 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392323971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.392345905 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392369032 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392472982 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.392518997 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392581940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.392628908 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392680883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.392714977 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.392729998 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392771959 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392827034 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.392853975 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.392879963 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392900944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.392913103 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392927885 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.392956018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392973900 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.392975092 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.393002033 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.393032074 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.393055916 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.393085957 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.393112898 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.393141985 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.393146038 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.393173933 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.393189907 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.393192053 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.393248081 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.393296957 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.393323898 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.393352985 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.393373966 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.464813948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.464895964 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.512778997 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.512829065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.512862921 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.512898922 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.513015032 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.513035059 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.513062954 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.513082027 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.513181925 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.513200045 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.513227940 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.513242960 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.513336897 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.513355017 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.513381004 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.513394117 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.513458967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.513477087 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.513505936 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.513524055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.513566017 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.513585091 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.513608932 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.513626099 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.513628006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.513643026 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.513679981 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.513770103 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.513798952 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.513818979 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.513844013 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.513953924 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.514005899 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.514023066 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.514071941 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.514154911 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.514202118 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.514214039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.514256954 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.514339924 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.514386892 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.514395952 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.514441013 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.514517069 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.514525890 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.514570951 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.514575005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.514584064 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.514626980 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.514653921 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.514662981 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.514705896 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.514781952 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.514827967 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.514837980 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.514885902 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.514934063 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.514942884 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.514983892 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.515000105 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.515010118 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.515052080 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.515053988 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.515064001 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.515094995 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.515104055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.515140057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.515145063 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.515187979 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.515191078 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.515240908 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.585422039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.585484982 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.585490942 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.585520029 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.585689068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.632158995 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.632196903 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.632251024 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.632266045 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.632282019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.632288933 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.632302999 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.632375002 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.632375002 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.632424116 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.632428885 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.632481098 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.632524967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.632553101 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.632580042 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.632586002 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.632601023 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.632652998 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.632822990 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.632850885 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.632877111 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.632898092 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.632919073 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.632951975 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.632972002 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633001089 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633002043 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633029938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633059025 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633080006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633080006 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633106947 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633131981 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633138895 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633157015 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633189917 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633224964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633251905 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633272886 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633300066 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633300066 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633327007 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633348942 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633353949 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633379936 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633400917 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633429050 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633455992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633477926 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633486986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633506060 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633513927 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633541107 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633564949 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633569002 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633626938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633627892 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633654118 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633680105 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633683920 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633711100 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633728981 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633733034 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633786917 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633800030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633826971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633851051 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633872032 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633876085 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633903980 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633929968 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633930922 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633941889 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.633980036 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.633980989 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.634006977 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.634037971 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.634061098 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.705205917 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.705239058 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.705281019 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.705298901 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.754204035 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.754254103 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.754287004 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.754334927 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.754440069 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.754507065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.754535913 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.754568100 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.754590034 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.754633904 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.754662037 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.754690886 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.754702091 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.754710913 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.754736900 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.754761934 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.754796982 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.754848003 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.754901886 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.754905939 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.754981041 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.755120039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.755168915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.755176067 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.755220890 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.755254030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.755301952 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.755302906 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.755352974 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.755377054 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.755403996 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.755429029 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.755448103 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.755501032 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.755531073 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.755552053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.755570889 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.755630016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.755682945 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.755686045 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.755733013 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756234884 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756278992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756284952 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756306887 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756330013 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756339073 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756367922 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756370068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756378889 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756395102 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756421089 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756421089 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756444931 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756448030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756474018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756478071 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756496906 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756505013 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756525993 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756531000 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756556034 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756557941 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756584883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756587029 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756611109 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756618023 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756628990 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756659031 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756669998 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756686926 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756715059 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.756716967 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756736040 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.756781101 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.825022936 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.825054884 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.825100899 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.825119019 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.874531031 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.874572992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.874627113 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.874654055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.874682903 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.874712944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.874735117 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.874743938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.874763012 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.874775887 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.874840021 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.874870062 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.874900103 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.874923944 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.874996901 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.875005960 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.875032902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.875058889 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.875103951 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.875107050 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.875145912 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.875179052 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.875184059 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.875206947 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.875207901 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.875240088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.875241995 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.875252008 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.875267029 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.875299931 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.875323057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.875353098 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.875415087 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.875471115 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.875534058 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.875540018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.875576973 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.875595093 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.875629902 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.875639915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.875684023 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.875699043 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.875741959 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.920643091 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.920715094 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.944904089 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.944964886 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.994843960 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.994900942 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.994911909 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.994951963 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.994957924 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.995012045 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.995038033 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.995094061 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.995240927 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.995269060 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.995304108 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.995320082 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.995342970 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.995393991 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.995404959 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.995460033 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.995577097 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.995629072 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.995676041 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.995728016 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.995781898 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.995846987 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.995898962 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.995925903 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.995954037 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.995954037 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.995980978 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.995985031 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.996001959 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.996033907 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:31.996048927 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:31.996098995 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.064795017 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.064908028 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.110297918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.110387087 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.116858006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.116933107 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.117145061 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.117193937 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.117223978 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.117285013 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.117320061 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.117372990 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.117398024 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.117444992 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.117650986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.117706060 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.117769957 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.117814064 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.117821932 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.117863894 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.118029118 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.118079901 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.118115902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.118165970 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.118247986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.118273973 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.118294954 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.118325949 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.118335009 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.118383884 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.118402958 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.118452072 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.118535042 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.118587017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.118607044 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.118652105 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.118714094 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.118745089 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.118767977 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.118798018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.118829966 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.118860960 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.118877888 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.118907928 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.184907913 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.184988022 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.237544060 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.237574100 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.237621069 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.237648964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.237669945 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.237694979 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.237704039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.237704992 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.237742901 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.237761974 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.237793922 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.237797976 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.237843037 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.237858057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.237889051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.237899065 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.237921000 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.237950087 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.237968922 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.237979889 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.237996101 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.238023043 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.238049984 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.238089085 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.238146067 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.238332987 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.238404989 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.238440037 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.238466978 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.238492012 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.238497019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.238518000 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.238547087 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.284147978 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.284240007 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.304733992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.305011988 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.357510090 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.357573032 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.357628107 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.357702971 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.357732058 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.357795954 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.357855082 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.357903957 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.357969046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.358032942 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.358067989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.358124018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.358155012 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.358212948 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.358223915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.358252048 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.358283043 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.358293056 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.358310938 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.358314037 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.358330011 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.358381987 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.358442068 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.358474970 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.358501911 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.358525038 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.358578920 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.358632088 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.358710051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.358764887 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.358839989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.358871937 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.358896017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.358937979 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.359059095 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.359127045 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.400186062 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.400289059 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.425178051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.425380945 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.478631020 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.478719950 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.478787899 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.478821993 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.478853941 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.478873968 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.478909016 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.479046106 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.479104996 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.479171038 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.479217052 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.479232073 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.479279041 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.479331017 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.479389906 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.479571104 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.479603052 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.479635000 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.479661942 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.480015993 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.480104923 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.480118990 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.480187893 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.544728041 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.544812918 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.598263025 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.598349094 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.598351002 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.598423004 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.598572969 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.598629951 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.598747969 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.598809958 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.598845959 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.598905087 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.598968029 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.599021912 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.599052906 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.599113941 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.599128008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.599179029 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.599215984 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.599267960 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.599344969 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.599400997 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.599489927 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.599545956 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.599597931 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.599658012 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.600431919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.600511074 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.600514889 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.600544930 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.600600958 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.644248962 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.644459009 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.664628983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.664820910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.719409943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.719517946 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.719824076 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.719887018 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.719897985 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.719968081 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.720011950 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.720066071 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.720110893 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.720168114 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.720190048 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.720238924 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.720336914 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.720406055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.720464945 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.720516920 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.720592976 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.720618010 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.720643997 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.720666885 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.720701933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.720750093 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.720803976 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.720859051 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.720875025 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.720932007 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.720967054 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.721019030 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.721040964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.721091032 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.721476078 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.721513987 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.721529961 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.721565962 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.721594095 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.721651077 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.786330938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.786463976 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.847806931 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.847996950 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.906014919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.906088114 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.952183008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.952240944 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.959861040 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.959893942 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.959934950 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.959969997 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.960042000 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.960098982 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.960650921 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.960736036 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.960767984 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.960829020 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.961208105 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.961256981 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.961797953 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.961848021 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.961850882 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.961899996 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:32.967602968 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:32.967660904 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.008177996 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.008232117 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.026633978 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.026729107 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.079996109 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.080061913 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.080257893 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.080332041 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.080585957 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.080645084 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.080991030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.081056118 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.081151009 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.081197023 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.081207037 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.081250906 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.081911087 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.081958055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.081988096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.082034111 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.087505102 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.087595940 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.132586002 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.132675886 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.146372080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.146492958 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.199739933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.199763060 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.199866056 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.199881077 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.199887991 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.199913979 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.199929953 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.199959993 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.200124979 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.200166941 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.200196981 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.200210094 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.200248003 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.200259924 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.200453997 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.200500011 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.200619936 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.200671911 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.200687885 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.200731993 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.200803041 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.200853109 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.200891018 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.200936079 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.201103926 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.201153994 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.201226950 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.201272011 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.201287985 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.201334953 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.201420069 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.201468945 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.201574087 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.201623917 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.201802015 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.201843023 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.201914072 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.201958895 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.202033997 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.202089071 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.207300901 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.207360983 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.266752005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.266856909 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.319605112 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.319628000 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.319788933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.319844961 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.319863081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.319876909 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.319922924 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.320314884 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.320372105 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.320420027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.320432901 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.320509911 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.320523977 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.320593119 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.320624113 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.320674896 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.320713043 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.320722103 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.320763111 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.320771933 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.320811033 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.320813894 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.320863962 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.320882082 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.320919991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.320934057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.320981026 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.321320057 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.321373940 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.321425915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.321477890 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.326904058 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.326965094 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.387902975 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.388124943 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.439352989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.439594030 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.439677954 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.439717054 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.439748049 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.439779043 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.440078974 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.440093040 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.440140963 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.440499067 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.440582037 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.440620899 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.440676928 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.440699100 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.440753937 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.440949917 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.441005945 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.441128016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.441178083 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.446542025 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.446579933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.446631908 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.446656942 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.508881092 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.508958101 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.566916943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.567076921 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.568905115 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.568989038 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.629807949 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.629924059 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.680318117 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.680399895 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.680435896 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.680490971 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.680529118 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.680583954 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.680608034 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.680655956 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.680828094 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.680874109 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.681046963 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.681097984 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.681170940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.681219101 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.681277990 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.681325912 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.681401968 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.681448936 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.681543112 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.681581020 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.681678057 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.681721926 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.681785107 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.681797028 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.681842089 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.681878090 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.681886911 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.681894064 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.681936026 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.681950092 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.682034016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.682043076 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.682096004 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.687521935 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.687594891 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.728873014 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.728967905 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.749728918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.749835014 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.800539017 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.800601006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.800668001 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.800708055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.800719976 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.800775051 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.800884962 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.800939083 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.800957918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.801012039 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.801269054 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.801335096 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.801420927 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.801430941 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.801440954 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.801484108 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.801503897 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.801528931 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.801583052 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.801604033 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.801654100 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.801707983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.801757097 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.801912069 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.801968098 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.802025080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.802078962 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.802088976 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.802138090 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.802145958 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.802191019 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.807357073 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.807434082 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.853060961 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.853131056 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.870606899 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.870811939 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.922837019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.922904015 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.923010111 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.923089027 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.923096895 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.923151970 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.923232079 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.923284054 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.923347950 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.923397064 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.923405886 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.923450947 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.923599958 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.923638105 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.923648119 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.923681974 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.923702955 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.923737049 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.923749924 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.923780918 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.923871040 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.923924923 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.923928022 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.923975945 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.924043894 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.924053907 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.924099922 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.924109936 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.924134970 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.924153090 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.924165964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.924190044 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.924220085 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.928508043 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.928560972 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.928616047 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.928666115 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:33.990247011 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:33.990431070 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.043050051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.043081999 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.043098927 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.043139935 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.043183088 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.043201923 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.043217897 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.043272972 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.043356895 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.043412924 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.043492079 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.043549061 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.043602943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.043662071 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.043685913 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.043720961 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.043739080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.043767929 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.043798923 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.043797970 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.043818951 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.043845892 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.043848991 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.043889999 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.043905020 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.043946028 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.043983936 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.044015884 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.044042110 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.044073105 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.044106960 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.044150114 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.044161081 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.044199944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.044204950 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.044250011 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.048861980 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.048932076 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.048949003 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.049005985 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.093355894 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.093458891 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.111222982 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.111289978 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.162998915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.163054943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.163090944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.163119078 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.163165092 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.163239002 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.163281918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.163346052 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.163449049 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.163501024 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.163588047 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.163620949 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.163649082 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.163671017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.163846016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.163897038 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.163966894 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.164025068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.164124012 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.164181948 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.164232016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.164294004 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.164385080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.164443016 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.164490938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.164549112 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.164587975 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.164616108 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.164644003 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.164671898 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.164674044 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.164699078 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.164725065 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.164729118 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.164748907 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.164792061 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.169511080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.169599056 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.231955051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.232059956 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.276473999 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.276566982 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.282758951 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.282792091 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.282824039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.282831907 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.282854080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.282859087 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.282883883 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.282901049 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.282975912 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.283025026 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.283191919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.283220053 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.283247948 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.283269882 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.283492088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.283521891 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.283549070 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.283582926 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.283646107 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.283704996 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.283785105 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.283814907 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.283850908 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.283870935 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.283879042 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.283926010 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.284009933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.284037113 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.284059048 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.284090996 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.284193039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.284245014 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.288965940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.289036989 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.289098024 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.289125919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.289155006 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.289182901 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.355026007 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.355264902 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.408279896 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.408410072 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.408468962 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.408479929 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.408504963 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.408525944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.408550978 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.408576965 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.408684015 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.408746004 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.408786058 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.408842087 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.408924103 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.408979893 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.409025908 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.409077883 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.409153938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.409204960 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.409218073 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.409271955 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.409331083 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.409341097 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.409390926 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.409461975 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.409527063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.409599066 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.409652948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.409658909 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.409708977 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.409751892 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.409802914 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.409895897 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.409950018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.414779902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.414839029 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.414869070 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.414923906 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.414988995 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.415047884 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.456223965 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.456403017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.475486994 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.475826979 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.528047085 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.528198004 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.528306961 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.528366089 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.528465986 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.528472900 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.528522015 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.528592110 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.528656006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.528665066 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.528688908 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.528712034 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.528743029 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.528789997 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.528841019 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.528865099 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.528911114 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.528917074 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.528969049 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.529026031 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.529057026 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.529078007 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.529103994 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.529252052 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.529305935 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.529350042 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.529403925 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.529459000 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.529510021 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.534399986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.534481049 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.534490108 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.534522057 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.534544945 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.534579992 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.576303959 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.576462984 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.594865084 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.594928026 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.647810936 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.647857904 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.647886992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.647913933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.647942066 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.647974014 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.647975922 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.648040056 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.648087025 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.648150921 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.648165941 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.648226023 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.648375988 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.648443937 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.648606062 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.648638964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.648665905 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.648665905 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.648696899 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.648699999 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.648721933 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.648749113 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.648827076 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.648889065 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.648905039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.648966074 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.649032116 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.649089098 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.649125099 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.649179935 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.654165030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.654227018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.654254913 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.654311895 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.696017027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.696093082 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.715809107 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.715897083 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.756237984 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.756433964 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.767652988 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.767735004 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.767819881 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.767875910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.767930984 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.767982960 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.768096924 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.768150091 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.768239975 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.768300056 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.768409014 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.768466949 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.768580914 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.768635035 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.768786907 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.768843889 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.768965960 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.769016027 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.769093037 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.769144058 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.769229889 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.769237995 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.769290924 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.769321918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.769375086 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.769378901 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.769434929 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.769579887 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.769633055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.769694090 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.769702911 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.769753933 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.769964933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.770023108 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.774152040 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.774216890 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.815864086 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.815886021 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.815932035 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.815958977 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.835367918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.835422039 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.888380051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.888448000 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.888494968 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.888545036 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.888649940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.888704062 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.888848066 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.888916016 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.889101028 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.889163971 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.889202118 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.889249086 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.889309883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.889363050 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.889391899 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.889441013 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.889523983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.889569044 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.889615059 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.889662027 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.889818907 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.889866114 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.889899015 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.889946938 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.893804073 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.893892050 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.893939972 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.894000053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.894020081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.894071102 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.936011076 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.936188936 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.936193943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.936247110 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:34.955835104 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:34.955919027 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.008455038 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.008626938 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.008652925 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.008748055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.008753061 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.008785009 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.008806944 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.008814096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.008837938 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.008862972 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.008866072 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.008913994 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.008923054 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.008975029 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.008991957 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.009042025 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.009218931 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.009273052 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.009344101 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.009377003 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.009397030 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.009424925 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.009426117 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.009476900 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.009480953 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.009535074 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.009560108 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.009593010 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.009612083 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.009641886 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.009835005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.009896040 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.013804913 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.013864994 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.013931990 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.013983965 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.056200981 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.056390047 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.056396961 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.056448936 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.075443983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.075539112 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.128752947 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.128842115 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.128962994 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.129889011 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.129971027 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.130002022 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.130060911 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.131006956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.131068945 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.131078005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.131129980 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.131134033 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.131175995 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.131186008 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.131232023 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.132240057 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.132292986 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.132509947 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.132539034 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.132575035 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.132591009 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.133496046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.133524895 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.133547068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.133574009 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.134932041 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.134984016 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.136096001 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.136148930 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.136151075 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.136202097 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.137645006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.137697935 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.137697935 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.137752056 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.138770103 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.138823032 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.175949097 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.176048994 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.176111937 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.176305056 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.195211887 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.195352077 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.195452929 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.248897076 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.248949051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.249157906 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.249814987 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.249880075 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.249974012 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.250809908 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.250860929 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.250863075 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.250891924 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.250916958 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.250938892 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.250979900 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.251960993 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.252007961 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.252202988 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.252255917 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.253562927 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.253616095 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.253626108 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.253671885 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.253674030 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.253720999 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.255384922 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.255440950 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.255511045 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.255568027 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.256764889 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.256814003 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.256922007 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.256973982 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.258364916 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.258541107 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.259330034 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.259408951 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.295469046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.295639038 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.295649052 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.295695066 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.315701962 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.315788984 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.368652105 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.368946075 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.369716883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.369784117 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.369784117 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.369838953 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.370419979 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.370471954 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.370649099 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.370678902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.370704889 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.370709896 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.370726109 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.370760918 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.370776892 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.370826960 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.371959925 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.372018099 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.373188972 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.373245955 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.373250008 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.373306990 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.373368979 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.373431921 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.375111103 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.375164032 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.375180006 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.375217915 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.376400948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.376456976 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.376565933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.376625061 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.378184080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.378232956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.378240108 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.378298998 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.378951073 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.379024029 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.415927887 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.415982008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.415994883 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.416064978 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.435966969 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.436031103 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.488385916 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.488455057 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.488508940 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.488533974 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.488676071 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.488738060 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.489468098 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.489526033 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.489577055 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.489639997 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.490122080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.490176916 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.490221977 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.490272045 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.490282059 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.490328074 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.490329027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.490379095 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.490386963 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.490433931 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.491698027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.491758108 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.493139982 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.493201017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.493534088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.493563890 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.493597031 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.493614912 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.495342016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.495369911 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.495394945 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.495426893 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.496292114 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.496351957 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.496412992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.496471882 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.497955084 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.498012066 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.498397112 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.498465061 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.498972893 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.499052048 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.536247969 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.536350012 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.536398888 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.536457062 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.559017897 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.559134007 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.609386921 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.609416962 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.609585047 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.609695911 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.609781027 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.610407114 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.610436916 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.610471964 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.610496998 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.611149073 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.611208916 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.611339092 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.611366987 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.611397982 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.611421108 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.611464024 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.611512899 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.611515999 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.611569881 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.612514973 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.612569094 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.614105940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.614165068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.614245892 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.614306927 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.614402056 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.614459038 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.615535021 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.615593910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.615705013 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.615760088 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.617305040 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.617369890 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.617468119 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.617527008 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.618845940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.618872881 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.618904114 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.618932962 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.619771957 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.619849920 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.656182051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.656315088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.656363964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.656383991 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.656413078 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.656425953 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.656471014 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.676294088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.676388979 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.729805946 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.729902983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.729913950 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.729965925 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.732515097 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.732543945 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.732569933 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.732598066 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.732609034 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.732629061 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.732657909 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.732671976 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.732685089 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.732700109 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.732727051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.732736111 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.732749939 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.732784033 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.732851982 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.732906103 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.734328985 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.734390020 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.734424114 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.734487057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.737456083 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.737485886 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.737512112 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.737517118 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.737544060 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.737571001 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.737927914 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.737981081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.737984896 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.738034964 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.739422083 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.739480972 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.739500046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.739561081 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.740159988 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.740237951 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.777539968 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.777630091 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.777673006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.777822018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.780548096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.780599117 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.798038960 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.798125029 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.844218016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.844428062 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.852349997 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.852468967 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.852739096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.852777958 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.852812052 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.852833033 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.852869987 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.852920055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.852951050 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.853003979 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.853208065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.853254080 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.853302956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.853348970 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.853353977 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.853399038 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.857805967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.857860088 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.857919931 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.857949972 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.857970953 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.858001947 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.858026028 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.858040094 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.858050108 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.858072996 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.858105898 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.858123064 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.858166933 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.858218908 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.858264923 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.859136105 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.859199047 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.859216928 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.859258890 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.861840963 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.861895084 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.897922993 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.898156881 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.900335073 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.900410891 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.923829079 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.923916101 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.973886967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.973948956 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.974307060 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.974376917 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.974416971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.974466085 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.974541903 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.974587917 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.974647999 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.974668980 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.974893093 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.975027084 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.975076914 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.979216099 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.979285955 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.980463982 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.980525970 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.980568886 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.980580091 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.980628014 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.980632067 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.980680943 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.980681896 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.980721951 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.980747938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.980797052 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.980820894 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.980864048 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.980910063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:35.982865095 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:35.982927084 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.018930912 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.018990040 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.019083977 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.019134045 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.019819975 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.019897938 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.045494080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.045681953 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.092206955 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.092400074 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.093421936 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.093476057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.093524933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.093571901 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.093630075 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.093676090 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.093682051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.093729019 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.093786001 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.093833923 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.093985081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.094037056 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.094100952 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.094147921 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.094196081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.094240904 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.094279051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.094322920 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.094327927 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.094367981 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.094830036 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.094875097 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.099174976 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.099235058 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.100547075 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.100627899 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.102461100 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.102530956 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.138853073 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.138964891 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.139022112 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.139061928 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.142540932 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.142595053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.142719030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.142807961 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.165993929 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.166114092 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.213556051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.213587046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.213640928 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.213697910 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.213821888 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.213846922 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.213895082 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.214170933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.214227915 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.214261055 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.214298964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.214308023 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.214345932 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.214386940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.214433908 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.214683056 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.214731932 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.219227076 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.219285965 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.219295979 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.219343901 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.219347000 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.219397068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.223720074 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.223789930 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.224020958 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.224072933 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.224577904 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.224625111 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.224630117 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.224678993 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.224715948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.224766970 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.224786997 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.224838972 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.224891901 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.224927902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.224944115 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.224980116 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.261132002 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.261241913 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.261388063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.262319088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.262371063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.262773991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.262820959 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.287359953 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.287457943 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.328253984 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.328459024 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.333487988 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.333549976 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.333708048 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.333771944 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.333795071 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.333856106 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.333858967 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.333908081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.333911896 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.333965063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.334090948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.334141016 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.334165096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.334218979 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.334302902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.334311962 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.334342957 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.334368944 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.334404945 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.334662914 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.334721088 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.341902971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.341979980 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.342012882 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.342067957 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.349193096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.349204063 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.349258900 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.353298903 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.353313923 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.353372097 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.353408098 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.358011007 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.358071089 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.358319044 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.358374119 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.360189915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.360244036 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.382381916 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.382391930 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.382487059 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.383419037 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.383569956 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.383723974 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.383785009 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.407588959 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.407728910 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.407751083 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.407789946 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.453172922 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.453255892 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.453342915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.453383923 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.453397036 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.453442097 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.453531981 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.453573942 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.453583002 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.453624964 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.453625917 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.453679085 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.453990936 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.454044104 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.454051971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.454106092 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.454231024 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.454287052 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.454287052 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.454341888 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.454399109 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.454448938 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.461675882 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.461756945 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.461762905 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.461812973 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.469072104 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.469136000 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.469196081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.469244003 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.473335028 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.473407030 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.473433971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.473478079 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.478399038 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.478466034 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.478549004 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.478593111 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.480216980 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.480268002 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.502480984 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.502548933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.502676010 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.502686977 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.502847910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.503098965 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.503154993 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.503679991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.503731012 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.527401924 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.527503967 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.568272114 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.568339109 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.573411942 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.573503017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.573750973 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.573801994 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.573810101 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.573851109 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.574234009 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.574243069 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.574286938 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.581331015 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.581340075 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.581393957 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.588901043 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.588958979 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.592963934 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.593014002 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.593298912 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.593343019 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.598297119 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.598351002 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.598412037 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.598459959 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.599941015 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.599988937 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.623080015 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.623140097 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.623187065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.623235941 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.623327971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.623378992 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.623586893 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.623632908 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.623922110 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.623970985 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.647077084 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.647186041 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.688271999 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.688350916 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.693295002 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.693372965 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.693381071 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.693406105 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.693427086 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.693453074 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.693464041 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.693500042 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.693541050 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.693583012 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.693615913 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.693666935 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.693943977 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.693989038 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.701364040 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.701432943 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.701433897 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.701478958 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.708543062 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.708600044 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.708630085 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.708678961 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.712877989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.712932110 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.718087912 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.718156099 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.718235016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.718282938 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.720390081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.720451117 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.743525982 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.743573904 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.743624926 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.743670940 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.743716002 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.743727922 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.743757963 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.743772030 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.743982077 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.744025946 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.744476080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.744525909 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.766757965 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.766823053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.808368921 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.808536053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.812978029 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.813000917 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.813066006 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.813234091 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.813306093 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.813332081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.813354015 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.813386917 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.813400984 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.813406944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.813461065 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.814304113 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.814359903 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.821501017 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.821556091 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.821571112 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.821618080 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.828345060 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.828403950 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.828424931 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.828474045 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.832386971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.832458973 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.832546949 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.832601070 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.837781906 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.837846994 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.837924004 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.837979078 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.839932919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.839983940 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.863611937 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.863667965 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.863722086 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.863770962 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.863775969 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.863810062 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.863826036 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.863858938 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.863926888 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.863979101 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.864011049 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.864059925 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.864473104 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.864523888 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.886452913 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.886517048 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.932557106 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.932651997 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.932984114 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.933049917 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.933085918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.933130980 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.933219910 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.933249950 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.933260918 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.933291912 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.933296919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.933343887 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.933506012 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.933549881 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.933604956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.933638096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.933651924 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.933680058 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.933689117 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.933734894 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.934005022 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.934055090 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.941226959 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.941283941 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.941507101 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.941555023 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.948127985 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.948178053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.948401928 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.948451996 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.952522039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.952605009 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.957561016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.957622051 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.959733009 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.959789038 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.983191013 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.983334064 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.983525991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.983589888 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.983601093 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.983699083 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.983772993 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.983871937 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.983925104 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.983982086 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:36.984411955 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:36.984476089 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.006751060 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.006808043 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.053210020 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.053313017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.053498030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.053553104 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.053594112 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.053638935 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.053749084 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.053792000 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.053890944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.053932905 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.054027081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.054071903 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.054147005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.054177046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.054186106 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.054231882 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.054258108 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.054295063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.061671972 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.061731100 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.061794996 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.061841965 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.068805933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.068869114 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.068929911 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.068977118 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.072990894 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.073044062 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.077294111 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.077358961 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.079401970 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.079457045 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.079459906 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.079502106 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.103766918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.103846073 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.104527950 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.104584932 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.126352072 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.126419067 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.173942089 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.173995972 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.174046993 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.174078941 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.174087048 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.174120903 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.174416065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.174473047 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.174496889 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.174556017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.174623966 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.174669027 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.174675941 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.174734116 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.182909012 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.182972908 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.182986021 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.183037043 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.183037043 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.190099955 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.190166950 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.194226980 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.194278955 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.194279909 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.194324970 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.198139906 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.198191881 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.198208094 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.198266983 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.200084925 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.200143099 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.200160027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.200200081 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.222745895 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.222801924 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.222896099 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.222951889 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.223222017 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.223267078 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.223354101 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.223400116 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.223484039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.223524094 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.223855019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.223896980 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.246968985 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.247036934 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.288369894 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.288465023 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.295021057 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.295075893 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.295101881 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.295151949 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.295262098 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.295334101 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.295382023 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.295392036 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.295434952 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.295438051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.295470953 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.295480013 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.295509100 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.295619965 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.295658112 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.295686960 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.295723915 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.295737982 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.295778036 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.303175926 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.303229094 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.303256989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.303271055 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.303298950 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.303318977 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.310188055 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.310231924 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.310324907 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.310368061 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.314193964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.314248085 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.314532042 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.314582109 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.318033934 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.318084955 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.319875002 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.319922924 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.344316006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.344475031 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.344477892 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.344532967 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.345212936 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.345273018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.345515013 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.345557928 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.345578909 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.345621109 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.345639944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.345685005 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.345711946 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.345721960 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.345760107 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.367981911 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.368067026 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.415426016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.415617943 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.415851116 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.415930986 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.423727989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.423784971 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.430732965 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.430795908 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.435101986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.435151100 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.438513041 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.438564062 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.440370083 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.440442085 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.464920044 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.465002060 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.466011047 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.466075897 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.488838911 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.488924980 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.534801006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.534897089 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.535092115 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.535170078 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.535351038 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.535418987 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.543838978 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.543898106 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.563338041 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.563539028 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.603224039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.603338957 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.607523918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.607580900 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.608839035 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.608894110 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.655067921 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.655122042 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.655127048 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.655168056 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.655172110 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.655221939 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.655302048 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.655318975 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.655348063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.655364037 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.655388117 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.655425072 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.655591011 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.655639887 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.655708075 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.655761003 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.655874968 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.655920029 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.655977964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.656016111 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.656044960 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.656085968 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.663439989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.663487911 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.663502932 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.663558960 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.669627905 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.669684887 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.669698000 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.669747114 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.673386097 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.673428059 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.673438072 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.673471928 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.673502922 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.673512936 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.673520088 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.676918983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.676974058 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.678939104 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.678987026 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.679073095 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.679121017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.679124117 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.679169893 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.703907013 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.703960896 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.703990936 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.704031944 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.704082966 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.704127073 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.704164028 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.704209089 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.704463959 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.704514027 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.705008030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.705049038 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.705133915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.705178022 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.705241919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.705290079 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.705302000 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.705332994 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.705383062 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.705425024 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.727360010 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.727426052 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.772313118 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.772377968 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.774703026 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.774775982 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.774910927 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.774981022 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.774981976 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.775028944 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.775144100 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.775177002 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.775192976 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.775222063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.775331974 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.775377035 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.775444031 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.775490046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.775494099 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.775546074 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.775625944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.775672913 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.775960922 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.776025057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.783641100 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.783701897 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.783804893 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.783857107 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.789758921 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.789809942 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.789829016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.789882898 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.793529034 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.793586016 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.793760061 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.793818951 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.796758890 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.796812057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.798634052 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.798688889 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.798801899 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.798855066 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.824192047 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.824259996 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.824350119 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.824395895 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.824470043 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.824517965 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.824791908 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.824845076 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.825170040 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.825222015 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.825241089 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.825273037 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.825292110 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.825320005 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.825380087 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.825429916 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.847090006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.847155094 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.847385883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.847438097 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.892429113 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.892600060 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.894553900 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.894617081 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.894792080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.894844055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.894896030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.894951105 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.895067930 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.895102978 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.895122051 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.895160913 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.895241022 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.895291090 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.895499945 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.895560980 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.895584106 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.895642042 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.895642042 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.895670891 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.895690918 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.895716906 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.895720005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.895761967 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.903214931 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.903283119 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.903367996 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.903422117 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.910027027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.910089970 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.910120964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.910176039 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.913575888 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.913634062 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.913723946 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.913753033 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.913778067 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.913815022 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.917197943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.917258978 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.918734074 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.918775082 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.918800116 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.918838978 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.918863058 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.918895006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.918915987 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.918948889 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.943897009 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.943962097 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.944039106 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.944066048 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.944094896 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.944113970 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.944343090 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.944392920 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.944941044 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.944988012 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.945060015 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.945106030 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.945132971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.945184946 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.945252895 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.945298910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.966914892 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.967014074 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:37.967102051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:37.967154026 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.012484074 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.012577057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.014637947 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.014678955 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.014695883 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.014736891 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.015016079 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.015049934 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.015085936 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.015111923 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.015162945 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.015198946 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.015224934 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.015243053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.015300989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.015362024 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.015423059 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.015474081 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.015535116 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.015575886 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.015594006 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.015625954 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.015678883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.015727997 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.015733957 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.015755892 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.015779018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.015803099 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.022970915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.023032904 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.023099899 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.023161888 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.029661894 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.029731989 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.033261061 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.033322096 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.033406019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.033469915 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.036640882 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.036700010 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.038543940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.038599968 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.038631916 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.038676023 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.038693905 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.038764000 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.063852072 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.063987017 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.064028025 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.064047098 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.064285994 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.064349890 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.064821005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.064855099 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.064881086 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.064898968 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.064920902 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.064944983 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.064985991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.065013885 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.065042019 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.065067053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.086678028 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.086751938 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.133125067 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.133317947 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.135037899 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.135096073 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.135134935 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.135188103 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.135346889 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.135407925 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.135476112 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.135533094 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.135627031 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.135675907 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.135787964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.135819912 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.135843039 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.135869026 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.135936022 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.135979891 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.135987997 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.136028051 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.136032104 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.136084080 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.136111021 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.136162043 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.136173964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.136223078 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.136282921 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.136334896 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.136387110 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.136419058 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.136432886 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.136471987 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.136499882 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.136557102 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.143594027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.143667936 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.143673897 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.143728971 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.150026083 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.150085926 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.150096893 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.150142908 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.150152922 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.150202990 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.153059959 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.153131008 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.153261900 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.153317928 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.153343916 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.153393030 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.156438112 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.156507015 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.158068895 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.158138990 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.158185005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.158246994 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.158386946 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.158413887 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.158438921 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.158473015 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.184020042 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.184056044 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.184096098 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.184107065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.184269905 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.184443951 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.184498072 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.185009956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.185070992 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.185070992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.185127020 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.185132027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.185182095 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.185190916 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.185237885 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.185261011 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.185292006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.185314894 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.185343027 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.206396103 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.206553936 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.248296022 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.248397112 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.252717018 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.252789974 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.254895926 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.254930019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.254957914 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.254975080 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.255033016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.255086899 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.255086899 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.255136967 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.255167007 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.255192995 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.255229950 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.255256891 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.255280972 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.255341053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.255347967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.255397081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.255402088 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.255454063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.255506992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.255557060 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.255604029 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.255652905 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.255697966 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.255749941 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.255860090 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.255912066 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.256067991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.256125927 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.256177902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.256236076 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.263377905 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.263456106 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.263546944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.263709068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.270087957 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.270140886 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.270148039 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.270211935 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.270277023 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.270334959 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.273197889 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.273252010 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.273281097 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.273329973 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.273339033 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.273387909 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.276371956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.276426077 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.276572943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.276617050 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.278170109 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.278223991 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.278297901 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.278352976 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.278402090 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.278450966 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.303859949 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.303945065 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.304006100 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.304079056 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.304267883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.304325104 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.304371119 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.304416895 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.305063009 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.305114031 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.305156946 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.305185080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.305208921 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.305217028 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.305237055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.305269003 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.305291891 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.305341959 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.326426983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.326524019 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.368422985 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.368503094 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.373022079 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.373090982 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.375065088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.375130892 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.375181913 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.375245094 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.375351906 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.375397921 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.375402927 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.375451088 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.375555992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.375608921 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.375610113 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.375663042 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.375735044 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.375765085 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.375787020 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.375809908 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.375840902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.375886917 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.375890017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.375936985 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.375977993 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.376023054 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.376055956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.376108885 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.376235962 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.376266956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.376288891 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.376310110 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.376327991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.376354933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.376382113 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.376391888 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.376411915 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.376440048 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.376454115 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.376507998 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.383018970 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.383074999 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.383142948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.383208990 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.389774084 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.389844894 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.389844894 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.389873981 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.389897108 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.389925957 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.393079042 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.393137932 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.393140078 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.393172979 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.393191099 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.393223047 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.393224001 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.393270969 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.396146059 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.396198988 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.397713900 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.397769928 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.397872925 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.397922993 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.397924900 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.397972107 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.424756050 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.424772978 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.424808025 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.424820900 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.424823046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.424861908 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.424869061 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.424905062 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.425096035 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.425151110 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.425923109 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.425975084 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.426002979 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.426048994 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.426074028 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.426117897 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.426147938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.426196098 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.426229954 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.426239014 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.426284075 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.446432114 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.446492910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.492630005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.492669106 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.492784977 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.494754076 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.494779110 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.494896889 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.494924068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.494949102 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.494997025 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.495042086 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.495141983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.495186090 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.495501041 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.495527029 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.495549917 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.495573044 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.495640039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.495687008 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.495817900 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.495863914 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.495924950 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.495979071 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.496059895 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.496105909 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.496145964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.496191978 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.496259928 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.496303082 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.496337891 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.496360064 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.496438980 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.496488094 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.496511936 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.496556997 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.496639967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.496689081 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.496694088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.496737957 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.502830029 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.502914906 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.509357929 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.509422064 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.509459019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.509501934 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.509517908 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.512746096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.512856960 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.512897015 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.512927055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.512943983 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.515820026 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.517446041 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.517528057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.517584085 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.517671108 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.517724991 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.517744064 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.518769026 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.544724941 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.544795036 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.544863939 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.544882059 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.544990063 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.545140028 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.545157909 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.545197010 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.545229912 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.545278072 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.546192884 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.546231985 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.546277046 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.546282053 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.546354055 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.546400070 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.546405077 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.546772003 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.566370010 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.566883087 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.608263969 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.610796928 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.613312006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.613475084 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.615175009 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.615245104 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.615303040 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.615339994 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.615358114 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.615361929 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.615406990 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.615447998 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.615535021 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.615576982 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.615586042 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.615619898 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.615632057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.615668058 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.615788937 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.615871906 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.615922928 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.615978956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.615988016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.616034985 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.616178036 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.616287947 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.616342068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.616405010 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.616486073 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.616523027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.616539001 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.616576910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.623023033 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.623132944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.623150110 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.623183966 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.629160881 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.629225969 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.629300117 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.629349947 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.629396915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.629406929 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.629460096 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.632347107 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.632491112 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.632591009 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.632647991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.632695913 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.635413885 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.635472059 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.637001038 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.637017965 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.637093067 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.637101889 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.637126923 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.637188911 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.637209892 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.637259960 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.638525963 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.638577938 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.664911032 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.664988041 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.665074110 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.665107012 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.665121078 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.665195942 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.665216923 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.665266991 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.665399075 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.665445089 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.665467024 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.665493011 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.665518045 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.665545940 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.666238070 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.666286945 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.666413069 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.666474104 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.666533947 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.666574001 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.666624069 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.666728020 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.666771889 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.686767101 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.686856985 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.729080915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.729135990 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.732876062 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.732943058 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.732948065 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.733001947 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.734786987 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.734834909 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.734884024 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.734929085 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.735009909 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.735054970 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.735187054 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.735215902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.735232115 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.735260963 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.735308886 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.735354900 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.735378027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.735407114 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.735433102 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.735450983 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.735465050 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.735479116 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.735491991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.735506058 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.735517979 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.735533953 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.735549927 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.735558987 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.735600948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.735613108 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.735701084 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.735707045 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.735749006 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.735768080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.735815048 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.735904932 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.735950947 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.735965967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.736012936 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.736040115 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.736071110 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.736123085 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.742752075 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.742889881 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.742950916 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.749151945 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.749198914 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.749253988 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.749303102 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.752692938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.752893925 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.752944946 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.752976894 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.753012896 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.753031015 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.753061056 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.755835056 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.755887985 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.757358074 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.757412910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.757441998 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.757500887 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.757797956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.757831097 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.757846117 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.757864952 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.759185076 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.759234905 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.785821915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.785890102 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.786031008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.786083937 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.786097050 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.786142111 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.786195040 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.786242962 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.786251068 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.786300898 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.787134886 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 4, 2024 17:09:38.787180901 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 4, 2024 17:09:38.787208080 CET156664973045.130.145.152192.168.2.4

                                                                                      DNS Queries

                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                      Dec 4, 2024 17:09:23.809360027 CET192.168.2.41.1.1.10xda19Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false

                                                                                      DNS Answers

                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                      Dec 4, 2024 17:09:23.951849937 CET1.1.1.1192.168.2.40xda19No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                                                                      Dec 4, 2024 17:09:23.951849937 CET1.1.1.1192.168.2.40xda19No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                                                                      Dec 4, 2024 17:09:23.951849937 CET1.1.1.1192.168.2.40xda19No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false

                                                                                      HTTPS Proxied Packets

                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      0192.168.2.449731104.26.13.2054434960C:\Users\user\Desktop\venomderek.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-12-04 16:09:25 UTC100OUTGET / HTTP/1.1
                                                                                      Accept: text/html; text/plain; */*
                                                                                      Host: api.ipify.org
                                                                                      Cache-Control: no-cache
                                                                                      2024-12-04 16:09:25 UTC424INHTTP/1.1 200 OK
                                                                                      Date: Wed, 04 Dec 2024 16:09:25 GMT
                                                                                      Content-Type: text/plain
                                                                                      Content-Length: 12
                                                                                      Connection: close
                                                                                      Vary: Origin
                                                                                      CF-Cache-Status: DYNAMIC
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8ecd0f8f78ba41ba-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1793&min_rtt=1675&rtt_var=865&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=738&delivery_rate=1113653&cwnd=192&unsent_bytes=0&cid=3b0b1bdd7e4a2cbb&ts=653&x=0"
                                                                                      2024-12-04 16:09:25 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 32 32 38
                                                                                      Data Ascii: 8.46.123.228


                                                                                      Statistics

                                                                                      CPU Usage

                                                                                      Click to jump to process

                                                                                      Memory Usage

                                                                                      Click to jump to process

                                                                                      High Level Behavior Distribution

                                                                                      Click to dive into process behavior distribution

                                                                                      System Behavior

                                                                                      General

                                                                                      Target ID:0
                                                                                      Start time:11:09:22
                                                                                      Start date:04/12/2024
                                                                                      Path:C:\Users\user\Desktop\venomderek.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Users\user\Desktop\venomderek.exe"
                                                                                      Imagebase:0x7ff626be0000
                                                                                      File size:3'341'824 bytes
                                                                                      MD5 hash:8C1A3371880670AE29EB22EEC13DF95E
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.1929160781.000002733BC90000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Disassembly

                                                                                      Reset < >

                                                                                        Execution Graph

                                                                                        Execution Coverage:6.3%
                                                                                        Dynamic/Decrypted Code Coverage:90.8%
                                                                                        Signature Coverage:22.3%
                                                                                        Total number of Nodes:2000
                                                                                        Total number of Limit Nodes:128
                                                                                        execution_graph 93034 2733be21795 93043 2733be8cb98 93034->93043 93037 2733be8cb98 std::_Facet_Register 38 API calls 93038 2733be217d6 93037->93038 93050 2733be38140 93038->93050 93042 2733be21a33 93045 2733be8cba3 93043->93045 93044 2733be217a7 93044->93037 93045->93044 93047 2733be8cbc2 Concurrency::cancel_current_task 93045->93047 93069 2733be87f30 93045->93069 93072 2733be0b7b0 38 API calls 2 library calls 93047->93072 93049 2733be8cbd3 93051 2733be217fc 93050->93051 93052 2733be38172 93050->93052 93062 2733be8cb70 93051->93062 93053 2733be8cb98 std::_Facet_Register 38 API calls 93052->93053 93054 2733be3818d 93053->93054 93077 2733be1fe50 93054->93077 93056 2733be381ab 93090 2733be21730 93056->93090 93059 2733be38140 38 API calls 93060 2733be381ff 93059->93060 93061 2733be38140 38 API calls 93060->93061 93061->93051 93063 2733be8cb79 93062->93063 93064 2733be8cb84 93063->93064 93065 2733be8cf4c IsProcessorFeaturePresent 93063->93065 93064->93042 93066 2733be8cf64 93065->93066 93096 2733be8d144 RtlCaptureContext RtlLookupFunctionEntry capture_current_context 93066->93096 93068 2733be8cf77 93068->93042 93073 2733be87f70 93069->93073 93072->93049 93076 2733be7a6cc EnterCriticalSection 93073->93076 93083 2733be1fe7e 93077->93083 93078 2733be1fe9a 93078->93056 93081 2733be1feca 93084 2733be8cb98 std::_Facet_Register 38 API calls 93081->93084 93087 2733be1fee0 93081->93087 93082 2733be1fee8 _Yarn 93082->93056 93083->93078 93083->93081 93083->93082 93085 2733be1ff22 93083->93085 93089 2733be1ff5d 93083->93089 93084->93087 93086 2733be8cb98 std::_Facet_Register 38 API calls 93085->93086 93086->93082 93087->93082 93094 2733be0b7b0 38 API calls 2 library calls 93087->93094 93095 2733be0b870 38 API calls 93089->93095 93091 2733be2177e 93090->93091 93092 2733be8cb70 _Strcoll 3 API calls 93091->93092 93093 2733be21a33 93092->93093 93093->93059 93094->93089 93096->93068 93097 2733be158f3 93103 2733be0d8f0 93097->93103 93099 2733be15926 FindNextFileW 93100 2733be15944 93099->93100 93101 2733be8cb70 _Strcoll 3 API calls 93100->93101 93102 2733be1596b 93101->93102 93104 2733be0d908 ISource 93103->93104 93104->93099 93105 2733be66bb7 93106 2733be66bc1 93105->93106 93111 2733be670b0 93106->93111 93109 2733be8cb70 _Strcoll 3 API calls 93110 2733be66f13 93109->93110 93113 2733be670ef 93111->93113 93116 2733be66bd0 93111->93116 93112 2733be67368 93131 2733be39930 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _Strcoll 93112->93131 93113->93112 93119 2733be672ed Concurrency::cancel_current_task 93113->93119 93126 2733be20dc0 93113->93126 93115 2733be67389 93132 2733be688e0 38 API calls 93115->93132 93116->93109 93118 2733be6739f 93133 2733be24740 93118->93133 93119->93116 93144 2733be689c0 38 API calls 93119->93144 93122 2733be673ea 93123 2733be24740 38 API calls 93122->93123 93124 2733be673fd Concurrency::cancel_current_task 93123->93124 93127 2733be20e22 93126->93127 93130 2733be20de3 _Yarn 93126->93130 93145 2733be25cb0 93127->93145 93129 2733be20e3b 93129->93113 93130->93113 93131->93115 93132->93118 93134 2733be24797 93133->93134 93159 2733be0eaa0 93134->93159 93136 2733be247d5 93181 2733be29c80 93136->93181 93138 2733be247e9 ISource 93140 2733be249a4 93138->93140 93191 2733be8ea50 93138->93191 93141 2733be8cb70 _Strcoll 3 API calls 93143 2733be24996 93141->93143 93142 2733be24924 ISource 93142->93140 93142->93141 93143->93119 93144->93122 93146 2733be25e26 93145->93146 93151 2733be25ce8 93145->93151 93157 2733be0b870 38 API calls 93146->93157 93148 2733be25d4d 93150 2733be8cb98 std::_Facet_Register 38 API calls 93148->93150 93149 2733be25e2b 93158 2733be0b7b0 38 API calls 2 library calls 93149->93158 93156 2733be25d33 ISource _Yarn 93150->93156 93151->93148 93153 2733be25d7c 93151->93153 93154 2733be25d40 93151->93154 93151->93156 93155 2733be8cb98 std::_Facet_Register 38 API calls 93153->93155 93154->93148 93154->93149 93155->93156 93156->93129 93158->93156 93160 2733be0eadb 93159->93160 93161 2733be0ebd1 93160->93161 93197 2733be251e0 93160->93197 93163 2733be20dc0 38 API calls 93161->93163 93164 2733be0ebea 93163->93164 93165 2733be20dc0 38 API calls 93164->93165 93166 2733be0ec03 93165->93166 93167 2733be0ec10 93166->93167 93217 2733be25990 38 API calls 4 library calls 93166->93217 93169 2733be20dc0 38 API calls 93167->93169 93170 2733be0ec5a 93169->93170 93171 2733be20dc0 38 API calls 93170->93171 93172 2733be0ec6f 93171->93172 93173 2733be0ecb3 ISource 93172->93173 93176 2733be0ecec 93172->93176 93174 2733be8cb70 _Strcoll 3 API calls 93173->93174 93175 2733be0ecd8 93174->93175 93175->93136 93218 2733be8eae0 8 API calls _Yarn 93176->93218 93178 2733be0ed35 93219 2733be8eae0 8 API calls _Yarn 93178->93219 93180 2733be0ed42 ISource 93180->93136 93182 2733be29ce4 93181->93182 93183 2733be29cd8 93181->93183 93185 2733be20dc0 38 API calls 93182->93185 93184 2733be251e0 38 API calls 93183->93184 93184->93182 93186 2733be29d01 93185->93186 93187 2733be20dc0 38 API calls 93186->93187 93188 2733be29d1a 93187->93188 93189 2733be20dc0 38 API calls 93188->93189 93190 2733be29d33 93189->93190 93190->93138 93192 2733be8ea71 93191->93192 93196 2733be8eabb 93191->93196 93193 2733be8eaa6 93192->93193 93192->93196 93223 2733be76fc0 37 API calls 2 library calls 93192->93223 93224 2733be6efd8 8 API calls 3 library calls 93193->93224 93196->93142 93198 2733be2531a 93197->93198 93203 2733be25209 93197->93203 93220 2733be0b870 38 API calls 93198->93220 93200 2733be2526e 93202 2733be8cb98 std::_Facet_Register 38 API calls 93200->93202 93201 2733be2531f 93221 2733be0b7b0 38 API calls 2 library calls 93201->93221 93208 2733be25254 _Yarn 93202->93208 93203->93200 93205 2733be2529d 93203->93205 93206 2733be25261 93203->93206 93203->93208 93207 2733be8cb98 std::_Facet_Register 38 API calls 93205->93207 93206->93200 93206->93201 93207->93208 93209 2733be2538c 93208->93209 93211 2733be253e5 93208->93211 93212 2733be253da 93208->93212 93216 2733be252e7 ISource _Yarn 93208->93216 93210 2733be8cb98 std::_Facet_Register 38 API calls 93209->93210 93210->93216 93214 2733be8cb98 std::_Facet_Register 38 API calls 93211->93214 93212->93209 93213 2733be2541f 93212->93213 93222 2733be0b7b0 38 API calls 2 library calls 93213->93222 93214->93216 93216->93161 93217->93167 93218->93178 93219->93180 93221->93208 93222->93216 93223->93193 93224->93196 93225 2733be77db8 93236 2733be77c1c 93225->93236 93228 2733be77ddf 93229 2733be77e18 93229->93228 93231 2733be77e59 93229->93231 93254 2733be7c8f0 37 API calls 2 library calls 93229->93254 93242 2733be77c44 93231->93242 93234 2733be77e4d 93234->93231 93255 2733be7cfdc 7 API calls 2 library calls 93234->93255 93237 2733be77c25 93236->93237 93241 2733be77c35 93236->93241 93256 2733be740cc 7 API calls _Strcoll 93237->93256 93239 2733be77c2a 93257 2733be6fbec 37 API calls _invalid_parameter_noinfo 93239->93257 93241->93228 93241->93229 93253 2733be77d3c 37 API calls _fread_nolock 93241->93253 93243 2733be77c1c _fread_nolock 37 API calls 93242->93243 93244 2733be77c69 93243->93244 93245 2733be77d0a 93244->93245 93246 2733be77c79 93244->93246 93267 2733be7b128 37 API calls 2 library calls 93245->93267 93248 2733be77c97 93246->93248 93251 2733be77cb5 93246->93251 93266 2733be7b128 37 API calls 2 library calls 93248->93266 93250 2733be77ca5 93250->93228 93251->93250 93258 2733be7dc0c 93251->93258 93253->93229 93254->93234 93255->93231 93256->93239 93257->93241 93259 2733be7dc3c 93258->93259 93268 2733be7da40 93259->93268 93261 2733be7dc55 93262 2733be7dc7b 93261->93262 93275 2733be6db64 37 API calls 3 library calls 93261->93275 93265 2733be7dc90 93262->93265 93276 2733be6db64 37 API calls 3 library calls 93262->93276 93265->93250 93266->93250 93267->93250 93270 2733be7da97 93268->93270 93272 2733be7da69 93268->93272 93269 2733be7dab0 93282 2733be6fb20 37 API calls 2 library calls 93269->93282 93270->93269 93273 2733be7db07 93270->93273 93272->93261 93273->93272 93277 2733be7db60 93273->93277 93275->93262 93276->93265 93283 2733be83b78 93277->93283 93280 2733be7db9e SetFilePointerEx 93281 2733be7db8d __std_fs_convert_narrow_to_wide _fread_nolock 93280->93281 93281->93272 93282->93272 93284 2733be83b81 93283->93284 93286 2733be83b96 93283->93286 93295 2733be740ac 7 API calls _Strcoll 93284->93295 93291 2733be7db87 93286->93291 93297 2733be740ac 7 API calls _Strcoll 93286->93297 93287 2733be83b86 93296 2733be740cc 7 API calls _Strcoll 93287->93296 93290 2733be83bd1 93298 2733be740cc 7 API calls _Strcoll 93290->93298 93291->93280 93291->93281 93293 2733be83bd9 93299 2733be6fbec 37 API calls _invalid_parameter_noinfo 93293->93299 93295->93287 93296->93291 93297->93290 93298->93293 93299->93291 93300 7ff626bf1940 93303 7ff626bf17d0 93300->93303 93302 7ff626bf195d 93319 7ff626bf17b0 93303->93319 93307 7ff626bf18d8 93308 7ff626bf1917 _CallMemberFunction0 93307->93308 93377 7ff626bea560 93307->93377 93308->93302 93309 7ff626bf17e2 _CallMemberFunction0 93309->93307 93317 7ff626bf1970 94 API calls 93309->93317 93318 7ff626bea560 59 API calls 93309->93318 93325 7ff626c221cc 93309->93325 93328 7ff626bf7980 93309->93328 93314 7ff626bea560 59 API calls 93314->93308 93317->93309 93318->93309 93398 7ff626c222ac GetSystemTimeAsFileTime 93319->93398 93322 7ff626c221f8 93400 7ff626c25cb8 GetLastError 93322->93400 93326 7ff626c25cb8 _Getctype 47 API calls 93325->93326 93327 7ff626c221d5 93326->93327 93327->93309 93329 7ff626bf79b7 std::ios_base::_Init 93328->93329 93433 7ff626bf7c00 93329->93433 93378 7ff626bea598 char_traits 93377->93378 94039 7ff626be79a0 93378->94039 93383 7ff626bea8eb 93384 7ff626c35500 _Find_unchecked 8 API calls 93383->93384 93385 7ff626bea903 93384->93385 93387 7ff626bf1970 93385->93387 93386 7ff626bea64c Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::width 94043 7ff626be7da0 93386->94043 93388 7ff626be79a0 59 API calls 93387->93388 93389 7ff626bf19b1 93388->93389 93397 7ff626bf1a17 Concurrency::details::WorkQueue::IsStructuredEmpty 93389->93397 94074 7ff626bea940 85 API calls 5 library calls 93389->94074 93390 7ff626be7da0 50 API calls 93391 7ff626bf1bd2 93390->93391 93392 7ff626be7950 59 API calls 93391->93392 93394 7ff626bf1bed 93392->93394 93395 7ff626c35500 _Find_unchecked 8 API calls 93394->93395 93396 7ff626bf1908 93395->93396 93396->93314 93397->93390 93399 7ff626bf17c3 93398->93399 93399->93322 93401 7ff626c25cf9 FlsSetValue 93400->93401 93402 7ff626c25cdc FlsGetValue 93400->93402 93403 7ff626c25ce9 93401->93403 93405 7ff626c25d0b 93401->93405 93402->93403 93404 7ff626c25cf3 93402->93404 93406 7ff626c25d65 SetLastError 93403->93406 93404->93401 93423 7ff626c25798 11 API calls 3 library calls 93405->93423 93409 7ff626c22205 93406->93409 93410 7ff626c25d85 93406->93410 93408 7ff626c25d1a 93412 7ff626c25d38 FlsSetValue 93408->93412 93413 7ff626c25d28 FlsSetValue 93408->93413 93409->93309 93431 7ff626c25324 47 API calls 2 library calls 93410->93431 93416 7ff626c25d56 93412->93416 93417 7ff626c25d44 FlsSetValue 93412->93417 93415 7ff626c25d31 93413->93415 93424 7ff626c25810 93415->93424 93430 7ff626c25a68 11 API calls memcpy_s 93416->93430 93417->93415 93421 7ff626c25d5e 93422 7ff626c25810 __free_lconv_num 11 API calls 93421->93422 93422->93406 93423->93408 93425 7ff626c25844 93424->93425 93426 7ff626c25815 RtlFreeHeap 93424->93426 93425->93403 93426->93425 93427 7ff626c25830 GetLastError 93426->93427 93428 7ff626c2583d __free_lconv_num 93427->93428 93432 7ff626c25920 11 API calls memcpy_s 93428->93432 93430->93421 93432->93425 93434 7ff626bf7c13 Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 93433->93434 93509 7ff626bf84e0 93434->93509 93439 7ff626be6610 93440 7ff626be6637 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init char_traits 93439->93440 93586 7ff626beac90 93440->93586 93443 7ff626bf6330 93618 7ff626bf84b0 93443->93618 93446 7ff626be6450 93634 7ff626be7e40 93446->93634 93515 7ff626bf8870 93509->93515 93512 7ff626bf8440 93561 7ff626bf8820 93512->93561 93516 7ff626bf88a1 93515->93516 93519 7ff626bf8bc0 93516->93519 93520 7ff626bf8be2 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init 93519->93520 93525 7ff626bfc470 93520->93525 93522 7ff626bf8c19 UnDecorator::getVbTableType 93523 7ff626c35500 _Find_unchecked 8 API calls 93522->93523 93524 7ff626bf7c33 93523->93524 93524->93512 93530 7ff626bfc770 93525->93530 93527 7ff626bfc497 UnDecorator::getVbTableType 93528 7ff626c35500 _Find_unchecked 8 API calls 93527->93528 93529 7ff626bfc4fe 93528->93529 93529->93522 93535 7ff626bffd80 93530->93535 93536 7ff626bfc788 93535->93536 93537 7ff626bffdae 93535->93537 93539 7ff626becc20 93536->93539 93549 7ff626be4160 RtlPcToFileHeader RaiseException std::ios_base::_Init Concurrency::cancel_current_task 93537->93549 93540 7ff626becc35 allocator 93539->93540 93546 7ff626becc31 93539->93546 93541 7ff626becc41 93540->93541 93542 7ff626becc4d 93540->93542 93558 7ff626be4210 93541->93558 93543 7ff626becc64 93542->93543 93544 7ff626becc58 93542->93544 93548 7ff626be4210 allocator 14 API calls 93543->93548 93550 7ff626becd80 93544->93550 93546->93527 93548->93546 93549->93536 93551 7ff626becda3 93550->93551 93552 7ff626becda8 93550->93552 93553 7ff626be4160 allocator RtlPcToFileHeader RaiseException 93551->93553 93554 7ff626be4210 allocator 14 API calls 93552->93554 93553->93552 93556 7ff626becdb3 93554->93556 93555 7ff626c22154 _invalid_parameter_noinfo_noreturn 47 API calls 93555->93556 93556->93555 93557 7ff626becdd4 93556->93557 93557->93546 93559 7ff626c35554 std::ios_base::_Init 14 API calls 93558->93559 93560 7ff626be4223 93559->93560 93560->93546 93562 7ff626bf8851 93561->93562 93565 7ff626bf8b40 93562->93565 93566 7ff626bf8b62 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init 93565->93566 93571 7ff626bfc3d0 93566->93571 93568 7ff626bf8b99 UnDecorator::getVbTableType 93569 7ff626c35500 _Find_unchecked 8 API calls 93568->93569 93570 7ff626bf79c4 93569->93570 93570->93439 93576 7ff626bfc700 93571->93576 93573 7ff626bfc3f7 UnDecorator::getVbTableType 93574 7ff626c35500 _Find_unchecked 8 API calls 93573->93574 93575 7ff626bfc45e 93574->93575 93575->93568 93581 7ff626bffd40 93576->93581 93579 7ff626becc20 allocator 50 API calls 93580 7ff626bfc720 93579->93580 93580->93573 93582 7ff626bfc718 93581->93582 93583 7ff626bffd6e 93581->93583 93582->93579 93585 7ff626be4160 RtlPcToFileHeader RaiseException std::ios_base::_Init Concurrency::cancel_current_task 93583->93585 93585->93582 93599 7ff626bec520 93586->93599 93590 7ff626beacd5 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init 93591 7ff626bec520 std::ios_base::_Init 8 API calls 93590->93591 93596 7ff626bead11 Concurrency::details::WorkQueue::IsStructuredEmpty UnDecorator::getVbTableType 93590->93596 93592 7ff626bead8a 93591->93592 93604 7ff626bec470 93592->93604 93597 7ff626c35500 _Find_unchecked 8 API calls 93596->93597 93598 7ff626be665c 93597->93598 93598->93443 93600 7ff626bec542 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init _Min_value _Max_value 93599->93600 93601 7ff626c35500 _Find_unchecked 8 API calls 93600->93601 93602 7ff626beacc6 93601->93602 93602->93590 93603 7ff626be4310 50 API calls std::_Xinvalid_argument 93602->93603 93603->93590 93605 7ff626bec4ac _Max_value 93604->93605 93606 7ff626c35500 _Find_unchecked 8 API calls 93605->93606 93607 7ff626bead9f 93606->93607 93608 7ff626becac0 93607->93608 93611 7ff626bea910 93608->93611 93610 7ff626becaf9 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init allocator 93610->93596 93614 7ff626bec5f0 93611->93614 93615 7ff626bec608 allocator 93614->93615 93616 7ff626becc20 allocator 50 API calls 93615->93616 93617 7ff626bea930 93616->93617 93617->93610 93621 7ff626bfbd20 93618->93621 93622 7ff626bfbd67 93621->93622 93624 7ff626bfbd8c 93622->93624 93631 7ff626bfc730 50 API calls Concurrency::details::WorkQueue::IsStructuredEmpty 93622->93631 93625 7ff626c35500 _Find_unchecked 8 API calls 93624->93625 93626 7ff626bf6360 93625->93626 93626->93446 93627 7ff626bfbdc6 Concurrency::details::WorkQueue::IsStructuredEmpty UnDecorator::getVbTableType 93632 7ff626bff9f0 50 API calls 2 library calls 93627->93632 93629 7ff626bfbe52 93633 7ff626bfc540 47 API calls 2 library calls 93629->93633 93631->93627 93632->93629 93633->93624 93635 7ff626be7e5d Concurrency::details::WorkQueue::IsStructuredEmpty UnDecorator::getVbTableType 93634->93635 93637 7ff626be7e99 UnDecorator::getVbTableType 93635->93637 93638 7ff626be97a0 93635->93638 94040 7ff626be79bd std::ios_base::good 94039->94040 94041 7ff626be79e4 std::ios_base::good 94040->94041 94052 7ff626be94c0 59 API calls _Find_unchecked 94040->94052 94041->93386 94044 7ff626be7dbc std::ios_base::good 94043->94044 94053 7ff626be9670 94044->94053 94047 7ff626be7950 94068 7ff626c3b640 __uncaught_exceptions 94047->94068 94049 7ff626be798d 94049->93383 94050 7ff626be795e 94050->94049 94072 7ff626be95a0 50 API calls 2 library calls 94050->94072 94052->94041 94054 7ff626be9697 94053->94054 94057 7ff626be5820 94054->94057 94058 7ff626be5900 94057->94058 94059 7ff626be587a 94057->94059 94058->94047 94061 7ff626be588f std::make_error_code 94059->94061 94065 7ff626c377d4 RtlPcToFileHeader RaiseException 94059->94065 94066 7ff626be57c0 50 API calls std::ios_base::_Init 94061->94066 94063 7ff626be58ef 94067 7ff626c377d4 RtlPcToFileHeader RaiseException 94063->94067 94065->94061 94066->94063 94067->94058 94068->94050 94069 7ff626c474e4 94068->94069 94073 7ff626c37cb8 8 API calls __vcrt_FlsGetValue 94069->94073 94071 7ff626c474ed 94071->94050 94072->94049 94073->94071 94074->93397 94075 2733be831a1 94087 2733be8a234 94075->94087 94092 2733be781fc 94087->94092 94089 2733be8a23d __crtLCMapStringW 94115 2733be77bc4 37 API calls __std_fs_directory_iterator_open 94089->94115 94093 2733be78211 __std_fs_convert_narrow_to_wide 94092->94093 94094 2733be78220 FlsGetValue 94093->94094 94095 2733be7823d FlsSetValue 94093->94095 94096 2733be78237 94094->94096 94097 2733be7822d 94094->94097 94095->94097 94098 2733be7824f 94095->94098 94096->94095 94099 2733be782a9 SetLastError 94097->94099 94116 2733be7bbb8 7 API calls 3 library calls 94098->94116 94102 2733be782c9 94099->94102 94103 2733be782b6 94099->94103 94101 2733be7825e 94105 2733be7827c FlsSetValue 94101->94105 94106 2733be7826c FlsSetValue 94101->94106 94123 2733be77bc4 37 API calls __std_fs_directory_iterator_open 94102->94123 94103->94089 94109 2733be7829a 94105->94109 94110 2733be78288 FlsSetValue 94105->94110 94108 2733be78275 94106->94108 94117 2733be7b550 94108->94117 94122 2733be77fac 7 API calls _Strcoll 94109->94122 94110->94108 94113 2733be782a2 94114 2733be7b550 __free_lconv_num 7 API calls 94113->94114 94114->94099 94116->94101 94118 2733be7b555 HeapFree 94117->94118 94119 2733be7b586 94117->94119 94118->94119 94120 2733be7b570 __std_fs_convert_narrow_to_wide __free_lconv_num 94118->94120 94119->94097 94124 2733be740cc 7 API calls _Strcoll 94120->94124 94122->94113 94124->94119 94125 2733be59fe0 94126 2733be5a073 94125->94126 94181 2733be0d6c0 94126->94181 94128 2733be5a098 ISource 94130 2733be5a5e7 94128->94130 94190 2733be0e9a0 94128->94190 94282 2733be0e0f0 39 API calls Concurrency::cancel_current_task 94130->94282 94132 2733be5a146 94132->94130 94172 2733be5a1a7 ISource 94132->94172 94133 2733be5a104 memcpy_s 94133->94132 94196 2733be691d0 94133->94196 94134 2733be8cb70 _Strcoll 3 API calls 94137 2733be5a1d9 94134->94137 94136 2733be5a229 94180 2733be5a4b0 94136->94180 94211 2733be679c0 94136->94211 94172->94134 94180->94172 94281 2733be319c0 38 API calls 94180->94281 94182 2733be0d700 94181->94182 94183 2733be0d82a 94182->94183 94187 2733be0d746 94182->94187 94287 2733be14e90 94183->94287 94185 2733be0d832 94299 2733be0cff0 94185->94299 94188 2733be0d7aa _Yarn 94187->94188 94286 2733be286f0 38 API calls 4 library calls 94187->94286 94188->94128 94191 2733be0e9d1 94190->94191 94319 2733be998c0 94191->94319 94194 2733be8cb70 _Strcoll 3 API calls 94195 2733be0ea72 94194->94195 94195->94133 94356 2733be21a70 94196->94356 94203 2733be692df 94380 2733be31f80 37 API calls _Strcoll 94203->94380 94204 2733be69368 94210 2733be69318 94204->94210 94382 2733be0cc70 38 API calls 94204->94382 94206 2733be692f1 94381 2733be339f0 53 API calls 4 library calls 94206->94381 94208 2733be693d2 Concurrency::cancel_current_task 94210->94136 94577 2733be20840 94211->94577 94213 2733be679f6 94585 2733be6aeb0 94213->94585 94281->94132 94286->94188 94290 2733be14ebe 94287->94290 94292 2733be14eda _Yarn 94290->94292 94293 2733be14f74 94290->94293 94294 2733be14f4d 94290->94294 94295 2733be14fb3 94290->94295 94298 2733be14f5e 94290->94298 94292->94185 94296 2733be8cb98 std::_Facet_Register 38 API calls 94293->94296 94297 2733be8cb98 std::_Facet_Register 38 API calls 94294->94297 94294->94298 94314 2733be0b870 38 API calls 94295->94314 94296->94292 94297->94298 94298->94292 94313 2733be0b7b0 38 API calls 2 library calls 94298->94313 94303 2733be0d00f 94299->94303 94300 2733be0d147 94302 2733be0d20e 94300->94302 94309 2733be0d157 94300->94309 94301 2733be0d11b 94301->94300 94306 2733be0d170 94301->94306 94318 2733be215a0 38 API calls 94302->94318 94303->94301 94311 2733be0d0fa 94303->94311 94306->94309 94316 2733be24c50 38 API calls 4 library calls 94306->94316 94307 2733be0d105 94307->94188 94317 2733be1fa70 38 API calls _Yarn 94309->94317 94315 2733be0d870 38 API calls _Yarn 94311->94315 94313->94295 94315->94307 94316->94309 94317->94307 94321 2733be99902 94319->94321 94320 2733be8cb70 _Strcoll 3 API calls 94323 2733be0e9ed 94320->94323 94322 2733be99a1d 94321->94322 94324 2733be99963 GetFileAttributesExW 94321->94324 94335 2733be9990b __std_fs_convert_narrow_to_wide 94321->94335 94351 2733be99c94 CreateFileW __std_fs_convert_narrow_to_wide 94322->94351 94323->94194 94327 2733be999c8 94324->94327 94328 2733be99977 __std_fs_convert_narrow_to_wide 94324->94328 94326 2733be99a40 94329 2733be99b13 94326->94329 94330 2733be99a75 GetFileInformationByHandleEx 94326->94330 94342 2733be99a46 ProcessCodePage 94326->94342 94327->94322 94327->94335 94331 2733be99986 FindFirstFileW 94328->94331 94328->94335 94333 2733be99b2e GetFileInformationByHandleEx 94329->94333 94329->94342 94332 2733be99ab5 94330->94332 94339 2733be99a8f __std_fs_convert_narrow_to_wide ProcessCodePage 94330->94339 94334 2733be999a5 FindClose 94331->94334 94331->94335 94332->94329 94337 2733be99ad6 GetFileInformationByHandleEx 94332->94337 94341 2733be99b44 __std_fs_convert_narrow_to_wide ProcessCodePage 94333->94341 94333->94342 94334->94327 94335->94320 94336 2733be99bd5 94352 2733be77bc4 37 API calls __std_fs_directory_iterator_open 94336->94352 94337->94329 94343 2733be99af2 __std_fs_convert_narrow_to_wide ProcessCodePage 94337->94343 94345 2733be99be6 94339->94345 94347 2733be99a5f 94339->94347 94340 2733be99bda 94353 2733be77bc4 37 API calls __std_fs_directory_iterator_open 94340->94353 94346 2733be99be0 94341->94346 94341->94347 94342->94335 94342->94336 94342->94347 94343->94340 94343->94347 94355 2733be77bc4 37 API calls __std_fs_directory_iterator_open 94345->94355 94354 2733be77bc4 37 API calls __std_fs_directory_iterator_open 94346->94354 94347->94335 94351->94326 94357 2733be8cb98 std::_Facet_Register 38 API calls 94356->94357 94358 2733be21ad1 94357->94358 94383 2733be9a8fc 94358->94383 94360 2733be21ae1 94392 2733be21dd0 94360->94392 94363 2733be21b6e 94365 2733be21b7b 94363->94365 94407 2733be9abc8 EnterCriticalSection FreeLibrary GetProcAddress std::_Lockit::_Lockit 94363->94407 94364 2733be21b96 94408 2733be0cc70 38 API calls 94364->94408 94369 2733be32460 94365->94369 94368 2733be21bd6 Concurrency::cancel_current_task 94420 2733be214c0 94369->94420 94372 2733be9ae38 94374 2733be9ae7e 94372->94374 94376 2733be692d6 94374->94376 94425 2733be9c510 94374->94425 94375 2733be9aeb1 94375->94376 94442 2733be6f7cc 37 API calls ProcessCodePage 94375->94442 94376->94203 94376->94204 94378 2733be9aecc 94378->94376 94443 2733be6e530 38 API calls ProcessCodePage 94378->94443 94380->94206 94381->94210 94382->94208 94409 2733be9a29c 94383->94409 94385 2733be9a91e 94391 2733be9a962 _Yarn 94385->94391 94413 2733be9aaf4 38 API calls std::_Facet_Register 94385->94413 94387 2733be9a936 94414 2733be9ab24 38 API calls std::locale::_Setgloballocale 94387->94414 94389 2733be9a941 94389->94391 94415 2733be6efd8 8 API calls 3 library calls 94389->94415 94391->94360 94393 2733be9a29c std::_Lockit::_Lockit 3 API calls 94392->94393 94394 2733be21e00 94393->94394 94395 2733be9a29c std::_Lockit::_Lockit 3 API calls 94394->94395 94397 2733be21e25 94394->94397 94395->94397 94396 2733be21e9d 94398 2733be8cb70 _Strcoll 3 API calls 94396->94398 94397->94396 94417 2733be0c910 56 API calls 7 library calls 94397->94417 94399 2733be21b12 94398->94399 94399->94363 94399->94364 94401 2733be21eaf 94402 2733be21eb5 94401->94402 94403 2733be21f16 94401->94403 94418 2733be9a8bc 38 API calls std::_Facet_Register 94402->94418 94419 2733be0c450 38 API calls 2 library calls 94403->94419 94406 2733be21f1b 94407->94365 94408->94368 94410 2733be9a2ab 94409->94410 94411 2733be9a2b0 94409->94411 94416 2733be7a73c EnterCriticalSection FreeLibrary GetProcAddress std::_Locinfo::_Locinfo_ctor 94410->94416 94411->94385 94413->94387 94414->94389 94415->94391 94417->94401 94418->94396 94419->94406 94421 2733be8cb98 std::_Facet_Register 38 API calls 94420->94421 94422 2733be21537 94421->94422 94423 2733be9a8fc 42 API calls 94422->94423 94424 2733be21547 94423->94424 94424->94204 94424->94372 94426 2733be9c43c 94425->94426 94427 2733be9c462 94426->94427 94430 2733be9c495 94426->94430 94454 2733be740cc 7 API calls _Strcoll 94427->94454 94429 2733be9c467 94455 2733be6fbec 37 API calls _invalid_parameter_noinfo 94429->94455 94431 2733be9c49b 94430->94431 94432 2733be9c4a8 94430->94432 94456 2733be740cc 7 API calls _Strcoll 94431->94456 94444 2733be7b830 94432->94444 94436 2733be9c472 94436->94375 94442->94378 94443->94376 94458 2733be7a6cc EnterCriticalSection 94444->94458 94454->94429 94455->94436 94456->94436 94578 2733be20996 94577->94578 94579 2733be20873 94577->94579 94578->94579 94581 2733be209a3 94578->94581 94580 2733be8cb70 _Strcoll 3 API calls 94579->94580 94582 2733be208a2 94580->94582 94644 2733be25540 38 API calls 3 library calls 94581->94644 94582->94213 94584 2733be209c4 Concurrency::cancel_current_task 94586 2733be6af04 94585->94586 94645 2733be73fc4 94586->94645 94590 2733be6b011 94668 2733be57f10 94590->94668 94593 2733be8cb70 _Strcoll 3 API calls 94594 2733be67a59 94593->94594 94595 2733be68b70 94594->94595 94596 2733be68e81 94595->94596 94600 2733be68bbb memcpy_s 94595->94600 94762 2733be6c4d0 94596->94762 94796 2733be44f50 38 API calls 94600->94796 94644->94584 94646 2733be781fc __std_fs_code_page 37 API calls 94645->94646 94647 2733be73fcd 94646->94647 94673 2733be7a488 94647->94673 94650 2733be69610 94651 2733be69633 94650->94651 94655 2733be69680 94650->94655 94678 2733be6abc0 94651->94678 94653 2733be6abc0 38 API calls 94653->94655 94654 2733be69638 94654->94655 94656 2733be6abc0 38 API calls 94654->94656 94655->94653 94666 2733be696d3 94655->94666 94657 2733be69647 94656->94657 94658 2733be6965d 94657->94658 94659 2733be6abc0 38 API calls 94657->94659 94660 2733be8cb70 _Strcoll 3 API calls 94658->94660 94662 2733be69656 94659->94662 94663 2733be6967a 94660->94663 94661 2733be697d8 94664 2733be8cb70 _Strcoll 3 API calls 94661->94664 94662->94655 94662->94658 94663->94590 94665 2733be6992b 94664->94665 94665->94590 94666->94661 94667 2733be6abc0 38 API calls 94666->94667 94667->94666 94669 2733be57f47 94668->94669 94670 2733be57f1e 94668->94670 94669->94593 94670->94669 94761 2733be0cc70 38 API calls 94670->94761 94672 2733be57f7e Concurrency::cancel_current_task 94674 2733be6afea 94673->94674 94675 2733be7a49d 94673->94675 94674->94650 94675->94674 94677 2733be83f24 37 API calls 3 library calls 94675->94677 94677->94674 94679 2733be6abe3 94678->94679 94683 2733be6abdd 94678->94683 94681 2733be6abfa 94679->94681 94693 2733be31370 94679->94693 94680 2733be6ac67 94680->94654 94681->94683 94684 2733be6ac94 94681->94684 94683->94680 94712 2733be4b010 94683->94712 94724 2733be0cc70 38 API calls 94684->94724 94686 2733be6acd6 Concurrency::cancel_current_task 94690 2733be6ad15 94686->94690 94725 2733be25990 38 API calls 4 library calls 94686->94725 94688 2733be6adc0 94688->94654 94689 2733be6abc0 38 API calls 94689->94690 94690->94688 94690->94689 94726 2733be25990 38 API calls 4 library calls 94690->94726 94694 2733be313ad 94693->94694 94696 2733be31443 94694->94696 94697 2733be31421 94694->94697 94702 2733be313bd ISource 94694->94702 94695 2733be8cb70 _Strcoll 3 API calls 94699 2733be315ef 94695->94699 94698 2733be6e614 37 API calls 94696->94698 94727 2733be6e614 94697->94727 94701 2733be31471 _Yarn 94698->94701 94699->94681 94706 2733be31591 94701->94706 94709 2733be6e614 37 API calls 94701->94709 94710 2733be31627 94701->94710 94744 2733be25990 38 API calls 4 library calls 94701->94744 94702->94695 94704 2733be31677 94705 2733be316a4 94704->94705 94711 2733be31370 38 API calls 94704->94711 94705->94681 94706->94702 94706->94704 94707 2733be316bb 94707->94681 94709->94701 94710->94706 94745 2733be6f10c 37 API calls 2 library calls 94710->94745 94711->94707 94713 2733be4b05a 94712->94713 94722 2733be4b08a _Yarn 94712->94722 94714 2733be4b076 94713->94714 94718 2733be4b0da 94713->94718 94713->94722 94716 2733be4b1b6 94714->94716 94717 2733be8cb98 std::_Facet_Register 38 API calls 94714->94717 94760 2733be0b7b0 38 API calls 2 library calls 94716->94760 94717->94722 94720 2733be8cb98 std::_Facet_Register 38 API calls 94718->94720 94720->94722 94721 2733be4b1bc 94723 2733be4b173 ISource 94722->94723 94759 2733be1e8f0 38 API calls 94722->94759 94723->94680 94724->94686 94725->94690 94726->94690 94728 2733be6e630 94727->94728 94732 2733be6e64e 94727->94732 94752 2733be740cc 7 API calls _Strcoll 94728->94752 94730 2733be6e635 94753 2733be6fbec 37 API calls _invalid_parameter_noinfo 94730->94753 94735 2733be77c1c _fread_nolock 37 API calls 94732->94735 94741 2733be6e672 94732->94741 94733 2733be6e6e4 94754 2733be740cc 7 API calls _Strcoll 94733->94754 94734 2733be6e70f 94746 2733be6e5d0 94734->94746 94735->94741 94738 2733be6e6e9 94755 2733be6fbec 37 API calls _invalid_parameter_noinfo 94738->94755 94741->94733 94741->94734 94743 2733be6e640 94743->94702 94744->94701 94745->94710 94747 2733be6e5dc 94746->94747 94751 2733be6e5ec 94746->94751 94757 2733be740cc 7 API calls _Strcoll 94747->94757 94751->94743 94752->94730 94753->94743 94754->94738 94760->94721 94761->94672 94862 2733be56480 94928 2733be59760 GetCurrentProcess OpenProcessToken 94862->94928 94865 2733be564a4 95135 2733be59aa0 39 API calls 2 library calls 94865->95135 94866 2733be564ce 94933 2733be65970 GetCurrentProcess OpenProcessToken 94866->94933 94869 2733be564ae 95136 2733be64740 66 API calls _Strcoll 94869->95136 94872 2733be65970 8 API calls 94874 2733be564e6 94872->94874 94873 2733be564b7 94876 2733be564c2 ExitProcess 94873->94876 94941 2733be61ff0 94874->94941 94876->94866 94877 2733be564f0 95115 2733be56eb0 94877->95115 94879 2733be56576 ISource 94880 2733be565b4 OpenMutexA 94879->94880 94888 2733be56746 94879->94888 94881 2733be565f9 CreateMutexA 94880->94881 94882 2733be565ed ExitProcess 94880->94882 95119 2733be509f0 94881->95119 94882->94881 94929 2733be597b8 GetTokenInformation 94928->94929 94930 2733be597f4 94928->94930 94929->94930 94931 2733be8cb70 _Strcoll 3 API calls 94930->94931 94932 2733be564a0 94931->94932 94932->94865 94932->94866 94934 2733be65a46 94933->94934 94935 2733be659db LookupPrivilegeValueW 94933->94935 94937 2733be65a5a 94934->94937 94938 2733be65a4e CloseHandle 94934->94938 94935->94934 94936 2733be659fc AdjustTokenPrivileges 94935->94936 94936->94934 94939 2733be8cb70 _Strcoll 3 API calls 94937->94939 94938->94937 94940 2733be564da 94939->94940 94940->94872 95137 2733be60c30 GetCurrentHwProfileW 94941->95137 94945 2733be620f9 94946 2733be62143 94945->94946 95503 2733be6de34 40 API calls 94945->95503 95159 2733be67550 94946->95159 94949 2733be62153 94950 2733be621cc ISource _Yarn 94949->94950 94956 2733be6219c 94949->94956 95504 2733be76cc0 94949->95504 94952 2733be6229a ISource 94950->94952 94957 2733be622dc 94950->94957 94954 2733be8cb70 _Strcoll 3 API calls 94952->94954 94953 2733be76cc0 37 API calls 94953->94956 94955 2733be622bf 94954->94955 94955->94877 94956->94950 94956->94953 95171 2733be60500 94957->95171 95116 2733be56ed2 95115->95116 95116->95116 95117 2733be45760 39 API calls 95116->95117 95118 2733be56ee6 95117->95118 95118->94879 95120 2733be50a21 95119->95120 95849 2733be518e0 38 API calls ISource 95120->95849 95122 2733be5113c 95123 2733be215c0 38 API calls 95122->95123 95124 2733be5117f 95123->95124 95850 2733be443c0 95124->95850 95135->94869 95136->94873 95138 2733be60c7a 95137->95138 95139 2733be60cd9 95137->95139 95513 2733be51bf0 95138->95513 95142 2733be8cb70 _Strcoll 3 API calls 95139->95142 95141 2733be60c89 95141->95139 95522 2733be6de34 40 API calls 95141->95522 95144 2733be60d51 95142->95144 95145 2733be60250 95144->95145 95538 2733be59920 95145->95538 95149 2733be602f3 ISource memcpy_s 95150 2733be60417 95149->95150 95158 2733be60341 95149->95158 95549 2733be52490 57 API calls 95149->95549 95151 2733be8cb70 _Strcoll 3 API calls 95153 2733be603fe 95151->95153 95153->94945 95154 2733be6037d 95550 2733be525f0 56 API calls 2 library calls 95154->95550 95156 2733be603a4 95551 2733be1e100 95156->95551 95158->95151 95162 2733be67599 95159->95162 95170 2733be67698 95159->95170 95163 2733be675d8 95162->95163 95165 2733be67636 95162->95165 95166 2733be675fa _Yarn 95162->95166 95164 2733be8cb98 std::_Facet_Register 38 API calls 95163->95164 95169 2733be675f1 95163->95169 95164->95169 95167 2733be8cb98 std::_Facet_Register 38 API calls 95165->95167 95166->94949 95167->95166 95169->95166 95564 2733be0b7b0 38 API calls 2 library calls 95169->95564 95565 2733be0b870 38 API calls 95170->95565 95172 2733be60559 memcpy_s 95171->95172 95173 2733be8cb98 std::_Facet_Register 38 API calls 95172->95173 95174 2733be605c3 95173->95174 95175 2733be60608 EnumDisplayDevicesW 95174->95175 95181 2733be606c9 95175->95181 95183 2733be60625 ISource 95175->95183 95176 2733be51bf0 38 API calls 95176->95183 95178 2733be606d1 95179 2733be8cb70 _Strcoll 3 API calls 95178->95179 95180 2733be607ee 95179->95180 95186 2733be60420 RegGetValueA 95180->95186 95181->95178 95184 2733be20dc0 38 API calls 95181->95184 95182 2733be60691 EnumDisplayDevicesW 95182->95181 95182->95183 95183->95176 95183->95182 95185 2733be6080f 95183->95185 95566 2733be67d70 38 API calls 2 library calls 95183->95566 95184->95181 95187 2733be6049d 95186->95187 95188 2733be8cb70 _Strcoll 3 API calls 95187->95188 95189 2733be604df 95188->95189 95190 2733be60820 95189->95190 95191 2733be608af 95190->95191 95194 2733be608c0 ISource 95190->95194 95192 2733be251e0 38 API calls 95191->95192 95192->95194 95193 2733be20dc0 38 API calls 95193->95194 95194->95193 95195 2733be6099e 95194->95195 95199 2733be60c0b 95194->95199 95567 2733be9b3c4 GetNativeSystemInfo 95195->95567 95197 2733be609a3 95568 2733be45760 95197->95568 95200 2733be60a44 95201 2733be20dc0 38 API calls 95200->95201 95202 2733be60a8e 95201->95202 95203 2733be20dc0 38 API calls 95202->95203 95204 2733be60ae8 ISource 95203->95204 95204->95199 95205 2733be8cb70 _Strcoll 3 API calls 95204->95205 95206 2733be60bee 95205->95206 95207 2733be60110 95206->95207 95574 2733be8d830 95207->95574 95210 2733be6015f 95212 2733be51bf0 38 API calls 95210->95212 95211 2733be6016c 95213 2733be8cb70 _Strcoll 3 API calls 95211->95213 95212->95211 95503->94945 95505 2733be76cfa 95504->95505 95510 2733be76cd9 95504->95510 95506 2733be781fc __std_fs_code_page 37 API calls 95505->95506 95507 2733be76cff 95506->95507 95508 2733be7a488 __std_fs_code_page 37 API calls 95507->95508 95509 2733be76d18 95508->95509 95509->95510 95848 2733be7ddc0 37 API calls 3 library calls 95509->95848 95510->94949 95512 2733be76d4e 95512->94949 95514 2733be51c3e 95513->95514 95520 2733be51c1f ISource 95513->95520 95523 2733be14c00 95514->95523 95515 2733be8cb70 _Strcoll 3 API calls 95517 2733be51cde 95515->95517 95517->95141 95518 2733be51c67 95535 2733be51d00 38 API calls 2 library calls 95518->95535 95520->95515 95521 2733be51cec 95520->95521 95522->95141 95524 2733be14c26 95523->95524 95531 2733be14d24 95523->95531 95526 2733be14c31 _Yarn 95524->95526 95527 2733be14d1f 95524->95527 95529 2733be14c8a 95524->95529 95530 2733be14ce2 95524->95530 95526->95518 95536 2733be0b7b0 38 API calls 2 library calls 95527->95536 95529->95527 95532 2733be14c97 95529->95532 95533 2733be8cb98 std::_Facet_Register 38 API calls 95530->95533 95537 2733be0b870 38 API calls 95531->95537 95534 2733be8cb98 std::_Facet_Register 38 API calls 95532->95534 95533->95526 95534->95526 95535->95520 95536->95531 95555 2733be57d40 95538->95555 95541 2733be5996d 95543 2733be14c00 38 API calls 95541->95543 95548 2733be59a82 95541->95548 95544 2733be599de 95543->95544 95545 2733be59a47 ISource 95544->95545 95544->95548 95546 2733be8cb70 _Strcoll 3 API calls 95545->95546 95547 2733be59a6c GetVolumeInformationW 95546->95547 95547->95149 95561 2733be57b50 38 API calls Concurrency::cancel_current_task 95548->95561 95549->95154 95550->95156 95552 2733be1e148 95551->95552 95553 2733be1e1ac 95552->95553 95554 2733be215c0 38 API calls 95552->95554 95553->95158 95554->95553 95556 2733be57dbf 95555->95556 95557 2733be57da0 __std_fs_get_current_path 95555->95557 95556->95557 95562 2733be257d0 38 API calls 4 library calls 95556->95562 95560 2733be57ed5 95557->95560 95563 2733be257d0 38 API calls 4 library calls 95557->95563 95560->95541 95562->95557 95563->95557 95564->95170 95566->95183 95567->95197 95569 2733be45825 95568->95569 95572 2733be45790 _Yarn 95568->95572 95573 2733be49b20 39 API calls 4 library calls 95569->95573 95571 2733be4583a 95571->95200 95572->95200 95573->95571 95575 2733be60120 GetUserNameW 95574->95575 95575->95210 95575->95211 95848->95512 95849->95122 95851 2733be20840 38 API calls 95850->95851 95852 2733be443f6 95851->95852 95858 2733be475b0 95852->95858 95859 2733be475f4 95858->95859 95860 2733be73fc4 37 API calls 95859->95860 95861 2733be476cc 95860->95861 95913 2733be45850 95861->95913 95863 2733be44475 95864 2733be44710 95863->95864 95914 2733be45873 95913->95914 95919 2733be458c0 95913->95919 95932 2733be47280 38 API calls 95914->95932 95917 2733be45878 95917->95919 95933 2733be47280 38 API calls 95917->95933 95935 2733be45ca0 38 API calls 95919->95935 95920 2733be45887 95922 2733be4589d 95920->95922 95934 2733be47280 38 API calls 95920->95934 95921 2733be459f7 95925 2733be8cb70 _Strcoll 3 API calls 95921->95925 95924 2733be8cb70 _Strcoll 3 API calls 95922->95924 95928 2733be458ba 95924->95928 95929 2733be45af5 95925->95929 95926 2733be47280 38 API calls 95931 2733be45901 95926->95931 95927 2733be45896 95927->95919 95927->95922 95928->95863 95929->95863 95931->95921 95931->95926 95936 2733be45ca0 38 API calls 95931->95936 95932->95917 95933->95920 95934->95927 95935->95931 95936->95931 95950 2733be41340 95951 2733be0e9a0 44 API calls 95950->95951 95952 2733be4139f 95951->95952 95953 2733be0e9a0 44 API calls 95952->95953 95954 2733be41c14 95953->95954 95965 2733be42036 ISource 95954->95965 96005 2733be0d390 95954->96005 95956 2733be8cb70 _Strcoll 3 API calls 95958 2733be42061 95956->95958 95964 2733be41d1d 95964->95965 95966 2733be4207d 95964->95966 95965->95956 95967 2733be24670 38 API calls 95966->95967 95968 2733be420a5 95967->95968 95969 2733be24740 38 API calls 95968->95969 95970 2733be420ba Concurrency::cancel_current_task 95969->95970 96033 2733be0e080 95970->96033 96008 2733be0d3b9 96005->96008 96006 2733be14c00 38 API calls 96007 2733be0d44a 96006->96007 96009 2733be0d220 96007->96009 96008->96006 96010 2733be0d250 96009->96010 96037 2733be99570 96010->96037 96012 2733be0d2ea 96022 2733be44150 96012->96022 96013 2733be0d339 96043 2733be0c010 38 API calls 2 library calls 96013->96043 96015 2733be0d33f 96044 2733be0c3e0 38 API calls Concurrency::cancel_current_task 96015->96044 96016 2733be0d25c __std_fs_convert_wide_to_narrow 96016->96012 96016->96013 96016->96015 96018 2733be1fc80 38 API calls 96016->96018 96020 2733be0d2c0 __std_fs_convert_wide_to_narrow 96018->96020 96020->96012 96042 2733be0c3e0 38 API calls Concurrency::cancel_current_task 96020->96042 96023 2733be44176 96022->96023 96024 2733be45760 39 API calls 96023->96024 96025 2733be41c6b 96024->96025 96026 2733be59830 96025->96026 96050 2733be58f60 96026->96050 96029 2733be222d0 38 API calls 96030 2733be5988a 96029->96030 96031 2733be8cb70 _Strcoll 3 API calls 96030->96031 96032 2733be5990d 96031->96032 96032->95964 96034 2733be0e099 96033->96034 96284 2733be0da20 39 API calls ISource 96034->96284 96036 2733be0e0d0 Concurrency::cancel_current_task 96045 2733be84cb4 96037->96045 96040 2733be9958f 96040->96016 96041 2733be99582 AreFileApisANSI 96041->96040 96043->96015 96046 2733be781fc __std_fs_code_page 37 API calls 96045->96046 96047 2733be84cbd 96046->96047 96048 2733be7a488 __std_fs_code_page 37 API calls 96047->96048 96049 2733be84cd6 96048->96049 96049->96040 96049->96041 96051 2733be0e9a0 44 API calls 96050->96051 96053 2733be58faf memcpy_s 96051->96053 96052 2733be58fe7 96087 2733be58fef 96052->96087 96100 2733be596ee Concurrency::cancel_current_task 96052->96100 96053->96052 96057 2733be691d0 71 API calls 96053->96057 96053->96087 96055 2733be8cb70 _Strcoll 3 API calls 96056 2733be59691 96055->96056 96056->96029 96056->96030 96058 2733be5902e 96057->96058 96059 2733be59485 96058->96059 96060 2733be59091 96058->96060 96119 2733be34da0 96059->96119 96101 2733be63b30 GetCurrentProcess GetProcessId RmStartSession 96060->96101 96062 2733be59716 96153 2733be0cc70 38 API calls 96062->96153 96068 2733be59740 Concurrency::cancel_current_task 96071 2733be594d7 96076 2733be34da0 39 API calls 96071->96076 96072 2733be590b4 96073 2733be590c7 96072->96073 96074 2733be5919c GetFileSize 96072->96074 96073->96062 96077 2733be5910e ISource 96073->96077 96078 2733be591dd 96074->96078 96083 2733be591b8 memcpy_s 96074->96083 96075 2733be251e0 38 API calls 96075->96071 96079 2733be594ea 96076->96079 96146 2733be319c0 38 API calls 96077->96146 96078->96083 96086 2733be25b00 38 API calls 96078->96086 96134 2733be676a0 96079->96134 96082 2733be59242 SetFilePointer ReadFile 96094 2733be59291 96082->96094 96096 2733be593a2 96082->96096 96083->96082 96085 2733be5915f 96085->96087 96086->96082 96087->96055 96089 2733be5957b 96093 2733be595ad 96089->96093 96098 2733be596ac 96089->96098 96090 2733be59314 ISource 96147 2733be319c0 38 API calls 96090->96147 96091 2733be593f7 ISource 96148 2733be319c0 38 API calls 96091->96148 96150 2733be319c0 38 API calls 96093->96150 96094->96062 96094->96090 96096->96062 96096->96091 96151 2733be0cc70 38 API calls 96098->96151 96152 2733be0e0f0 39 API calls Concurrency::cancel_current_task 96100->96152 96102 2733be63b98 RmRegisterResources 96101->96102 96103 2733be63c91 96101->96103 96104 2733be63c88 RmEndSession 96102->96104 96105 2733be63bc3 RmGetList 96102->96105 96106 2733be8cb70 _Strcoll 3 API calls 96103->96106 96104->96103 96107 2733be63cd4 96105->96107 96108 2733be63bff 96105->96108 96110 2733be590a3 96106->96110 96109 2733be63cd7 RmEndSession 96107->96109 96108->96107 96108->96109 96111 2733be63c36 RmGetList 96108->96111 96109->96103 96145 2733be63cf0 47 API calls 5 library calls 96110->96145 96112 2733be63c5a 96111->96112 96113 2733be63ccc 96111->96113 96112->96113 96115 2733be63c5f 96112->96115 96155 2733be6efd8 8 API calls 3 library calls 96113->96155 96115->96104 96116 2733be63cb7 96115->96116 96154 2733be6efd8 8 API calls 3 library calls 96116->96154 96118 2733be63cbf RmEndSession 96118->96103 96120 2733be34dfd 96119->96120 96122 2733be34ee3 96119->96122 96156 2733be356c0 96120->96156 96174 2733be0cc70 38 API calls 96122->96174 96123 2733be34e22 96126 2733be34e59 Concurrency::cancel_current_task 96123->96126 96164 2733be30f70 96123->96164 96124 2733be34eb0 96130 2733be34cc0 96124->96130 96126->96124 96175 2733be0cc70 38 API calls 96126->96175 96128 2733be34f7e Concurrency::cancel_current_task 96132 2733be34cf0 96130->96132 96131 2733be356c0 38 API calls 96133 2733be34cff 96131->96133 96132->96131 96133->96071 96133->96075 96135 2733be676fd 96134->96135 96137 2733be67717 96134->96137 96135->96137 96144 2733be31370 38 API calls 96135->96144 96136 2733be677ba 96139 2733be677c5 ISource 96136->96139 96140 2733be215c0 38 API calls 96136->96140 96137->96136 96267 2733be6d450 96137->96267 96141 2733be8cb70 _Strcoll 3 API calls 96139->96141 96142 2733be67889 96139->96142 96140->96139 96143 2733be5954d 96141->96143 96143->96062 96149 2733be32080 38 API calls 96143->96149 96144->96137 96145->96072 96146->96085 96147->96085 96148->96085 96149->96089 96150->96087 96151->96100 96153->96068 96154->96118 96155->96107 96157 2733be35700 96156->96157 96161 2733be356dd 96156->96161 96159 2733be3570e 96157->96159 96160 2733be27060 38 API calls 96157->96160 96158 2733be356fa 96158->96123 96159->96123 96160->96159 96161->96158 96176 2733be0cc70 38 API calls 96161->96176 96163 2733be35763 ISource Concurrency::cancel_current_task 96163->96123 96165 2733be30fa3 96164->96165 96173 2733be30ffb 96165->96173 96177 2733be31e90 96165->96177 96167 2733be8cb70 _Strcoll 3 API calls 96169 2733be31069 96167->96169 96168 2733be30fc6 96170 2733be30fe6 96168->96170 96168->96173 96187 2733be6f734 96168->96187 96169->96126 96170->96173 96195 2733be6ed2c 96170->96195 96173->96167 96174->96126 96175->96128 96176->96163 96178 2733be31eb3 96177->96178 96179 2733be31f62 96177->96179 96178->96179 96185 2733be31ebd 96178->96185 96180 2733be8cb70 _Strcoll 3 API calls 96179->96180 96181 2733be31f71 96180->96181 96181->96168 96182 2733be31f01 96183 2733be8cb70 _Strcoll 3 API calls 96182->96183 96184 2733be31f1e 96183->96184 96184->96168 96185->96182 96204 2733be6ec88 37 API calls ProcessCodePage 96185->96204 96188 2733be6f764 96187->96188 96205 2733be6f4c4 96188->96205 96190 2733be6f77d 96191 2733be6f7a2 96190->96191 96212 2733be6db64 37 API calls 3 library calls 96190->96212 96193 2733be6f7b7 96191->96193 96213 2733be6db64 37 API calls 3 library calls 96191->96213 96193->96170 96196 2733be6ed55 96195->96196 96197 2733be6ed40 96195->96197 96196->96197 96199 2733be6ed5a 96196->96199 96241 2733be740cc 7 API calls _Strcoll 96197->96241 96233 2733be7cf38 96199->96233 96200 2733be6ed45 96242 2733be6fbec 37 API calls _invalid_parameter_noinfo 96200->96242 96203 2733be6ed50 96203->96173 96204->96182 96206 2733be6f52e 96205->96206 96207 2733be6f4ee 96205->96207 96206->96207 96209 2733be6f53a 96206->96209 96220 2733be6fb20 37 API calls 2 library calls 96207->96220 96214 2733be6f648 96209->96214 96211 2733be6f515 96211->96190 96212->96191 96213->96193 96215 2733be6f678 96214->96215 96216 2733be6f68d 96214->96216 96215->96211 96221 2733be6f560 96216->96221 96218 2733be6f697 96218->96215 96225 2733be6e23c 96218->96225 96220->96211 96222 2733be6f5e3 96221->96222 96223 2733be6f57a 96221->96223 96222->96218 96223->96222 96231 2733be7dcb0 37 API calls 2 library calls 96223->96231 96226 2733be6e262 96225->96226 96230 2733be6e293 96225->96230 96227 2733be77c1c _fread_nolock 37 API calls 96226->96227 96226->96230 96228 2733be6e283 96227->96228 96232 2733be7b128 37 API calls 2 library calls 96228->96232 96230->96215 96231->96222 96232->96230 96234 2733be7cf68 96233->96234 96243 2733be7ca44 96234->96243 96236 2733be7cf81 96237 2733be7cfa7 96236->96237 96249 2733be6db64 37 API calls 3 library calls 96236->96249 96239 2733be7cfbc 96237->96239 96250 2733be6db64 37 API calls 3 library calls 96237->96250 96239->96203 96241->96200 96242->96203 96244 2733be7ca8e 96243->96244 96245 2733be7ca5f 96243->96245 96251 2733be7cab0 96244->96251 96263 2733be6fb20 37 API calls 2 library calls 96245->96263 96247 2733be7ca7f 96247->96236 96249->96237 96250->96239 96252 2733be7cacb 96251->96252 96253 2733be7caf4 96251->96253 96264 2733be6fb20 37 API calls 2 library calls 96252->96264 96255 2733be77c1c _fread_nolock 37 API calls 96253->96255 96256 2733be7caf9 96255->96256 96257 2733be7cb76 96256->96257 96258 2733be7cb86 96256->96258 96260 2733be7caeb 96256->96260 96265 2733be7cd5c 38 API calls 2 library calls 96257->96265 96258->96260 96266 2733be7cc00 37 API calls _fread_nolock 96258->96266 96260->96247 96261 2733be7cb84 96261->96260 96263->96247 96264->96260 96265->96261 96266->96260 96278 2733be6d380 96267->96278 96269 2733be6d662 96269->96136 96271 2733be6d69f 96283 2733be0b7b0 38 API calls 2 library calls 96271->96283 96272 2733be6d380 38 API calls 96277 2733be6d48c ISource _Yarn 96272->96277 96273 2733be8cb98 38 API calls std::_Facet_Register 96273->96277 96275 2733be6d6a5 96276 2733be6d694 96282 2733be0b870 38 API calls 96276->96282 96277->96269 96277->96271 96277->96272 96277->96273 96277->96276 96279 2733be6d396 96278->96279 96280 2733be6d3b3 96278->96280 96279->96280 96281 2733be31370 38 API calls 96279->96281 96280->96277 96281->96280 96283->96275 96284->96036 96285 2733be60ddb RegOpenKeyExA 96286 2733be60e05 RegQueryValueExA 96285->96286 96291 2733be60e44 ISource 96285->96291 96286->96291 96287 2733be60eda 96290 2733be8cb70 _Strcoll 3 API calls 96287->96290 96288 2733be60ed4 RegCloseKey 96288->96287 96292 2733be60eed 96290->96292 96291->96287 96291->96288 96293 2733be311c0 96294 2733be311d8 96293->96294 96298 2733be311e4 _Yarn 96293->96298 96295 2733be311f5 _Yarn 96296 2733be3132e 96296->96295 96299 2733be6f3fc _fread_nolock 41 API calls 96296->96299 96298->96295 96298->96296 96300 2733be6f3fc 96298->96300 96299->96295 96303 2733be6f41c 96300->96303 96302 2733be6f414 96302->96298 96304 2733be6f446 96303->96304 96310 2733be6f475 96303->96310 96305 2733be6f455 memcpy_s 96304->96305 96306 2733be6f492 96304->96306 96304->96310 96327 2733be740cc 7 API calls _Strcoll 96305->96327 96312 2733be6f19c 96306->96312 96309 2733be6f46a 96328 2733be6fbec 37 API calls _invalid_parameter_noinfo 96309->96328 96310->96302 96316 2733be6f1cb memcpy_s 96312->96316 96319 2733be6f1e5 96312->96319 96313 2733be6f1d5 96349 2733be740cc 7 API calls _Strcoll 96313->96349 96315 2733be6f1da 96350 2733be6fbec 37 API calls _invalid_parameter_noinfo 96315->96350 96316->96313 96316->96319 96325 2733be6f23a _Yarn memcpy_s 96316->96325 96319->96310 96320 2733be6f3bd memcpy_s 96416 2733be740cc 7 API calls _Strcoll 96320->96416 96321 2733be77c1c _fread_nolock 37 API calls 96321->96325 96325->96319 96325->96320 96325->96321 96329 2733be7ba50 96325->96329 96351 2733be740cc 7 API calls _Strcoll 96325->96351 96352 2733be6fbec 37 API calls _invalid_parameter_noinfo 96325->96352 96353 2733be7d5f0 96325->96353 96327->96309 96328->96310 96330 2733be7ba6d 96329->96330 96334 2733be7ba98 96329->96334 96442 2733be740cc 7 API calls _Strcoll 96330->96442 96332 2733be7ba72 96443 2733be6fbec 37 API calls _invalid_parameter_noinfo 96332->96443 96335 2733be7bad4 96334->96335 96341 2733be7ba7d 96334->96341 96444 2733be7cfdc 7 API calls 2 library calls 96334->96444 96336 2733be77c1c _fread_nolock 37 API calls 96335->96336 96338 2733be7bae6 96336->96338 96417 2733be7d4d0 96338->96417 96340 2733be7baf3 96340->96341 96342 2733be77c1c _fread_nolock 37 API calls 96340->96342 96341->96325 96343 2733be7bb28 96342->96343 96343->96341 96344 2733be77c1c _fread_nolock 37 API calls 96343->96344 96345 2733be7bb34 96344->96345 96345->96341 96346 2733be77c1c _fread_nolock 37 API calls 96345->96346 96347 2733be7bb41 96346->96347 96348 2733be77c1c _fread_nolock 37 API calls 96347->96348 96348->96341 96349->96315 96350->96319 96351->96325 96352->96325 96354 2733be7d631 96353->96354 96355 2733be7d618 96353->96355 96357 2733be7da0b 96354->96357 96362 2733be7d67c 96354->96362 96462 2733be740ac 7 API calls _Strcoll 96355->96462 96477 2733be740ac 7 API calls _Strcoll 96357->96477 96358 2733be7d61d 96463 2733be740cc 7 API calls _Strcoll 96358->96463 96360 2733be7da10 96478 2733be740cc 7 API calls _Strcoll 96360->96478 96364 2733be7d626 96362->96364 96365 2733be7d685 96362->96365 96369 2733be7d6b6 96362->96369 96364->96325 96464 2733be740ac 7 API calls _Strcoll 96365->96464 96366 2733be7d691 96479 2733be6fbec 37 API calls _invalid_parameter_noinfo 96366->96479 96368 2733be7d68a 96465 2733be740cc 7 API calls _Strcoll 96368->96465 96372 2733be7d6dd 96369->96372 96373 2733be7d717 96369->96373 96374 2733be7d6ea 96369->96374 96372->96374 96377 2733be7d706 96372->96377 96375 2733be7dedc wcsftime 7 API calls 96373->96375 96466 2733be740ac 7 API calls _Strcoll 96374->96466 96378 2733be7d728 96375->96378 96454 2733be87c7c 96377->96454 96380 2733be7b550 __free_lconv_num 7 API calls 96378->96380 96379 2733be7d6ef 96467 2733be740cc 7 API calls _Strcoll 96379->96467 96383 2733be7d732 96380->96383 96386 2733be7b550 __free_lconv_num 7 API calls 96383->96386 96384 2733be7d6f6 96468 2733be6fbec 37 API calls _invalid_parameter_noinfo 96384->96468 96389 2733be7d739 96386->96389 96388 2733be7d859 96390 2733be7d8b7 ReadFile 96388->96390 96399 2733be7d863 _fread_nolock 96388->96399 96392 2733be7d75c 96389->96392 96393 2733be7d741 96389->96393 96394 2733be7d8dd 96390->96394 96395 2733be7d9d1 __std_fs_convert_narrow_to_wide 96390->96395 96391 2733be7d845 GetConsoleMode 96391->96388 96471 2733be7dcb0 37 API calls 2 library calls 96392->96471 96469 2733be740cc 7 API calls _Strcoll 96393->96469 96394->96395 96398 2733be7d8a6 96394->96398 96402 2733be7d9dc 96395->96402 96406 2733be7d887 __std_fs_convert_narrow_to_wide 96395->96406 96404 2733be7d93b 96398->96404 96405 2733be7d916 96398->96405 96415 2733be7d701 96398->96415 96399->96398 96399->96406 96400 2733be7b550 __free_lconv_num 7 API calls 96400->96364 96401 2733be7d746 96470 2733be740ac 7 API calls _Strcoll 96401->96470 96475 2733be740cc 7 API calls _Strcoll 96402->96475 96409 2733be7d9bf 96404->96409 96404->96415 96473 2733be7d208 38 API calls 4 library calls 96405->96473 96406->96415 96472 2733be74040 7 API calls 2 library calls 96406->96472 96474 2733be7d048 38 API calls _fread_nolock 96409->96474 96411 2733be7d9e1 96476 2733be740ac 7 API calls _Strcoll 96411->96476 96414 2733be7d9cc 96414->96415 96415->96400 96416->96315 96418 2733be7d4fa 96417->96418 96421 2733be7d52a 96417->96421 96445 2733be740ac 7 API calls _Strcoll 96418->96445 96420 2733be7d4ff 96446 2733be740cc 7 API calls _Strcoll 96420->96446 96422 2733be7d543 96421->96422 96425 2733be7d581 96421->96425 96447 2733be740ac 7 API calls _Strcoll 96422->96447 96427 2733be7d59f 96425->96427 96428 2733be7d58a 96425->96428 96426 2733be7d548 96448 2733be740cc 7 API calls _Strcoll 96426->96448 96434 2733be7d5bc 96427->96434 96435 2733be7d5d1 96427->96435 96450 2733be740ac 7 API calls _Strcoll 96428->96450 96431 2733be7d58f 96451 2733be740cc 7 API calls _Strcoll 96431->96451 96432 2733be7d550 96449 2733be6fbec 37 API calls _invalid_parameter_noinfo 96432->96449 96452 2733be740cc 7 API calls _Strcoll 96434->96452 96438 2733be7d5f0 _fread_nolock 41 API calls 96435->96438 96441 2733be7d507 96438->96441 96439 2733be7d5c1 96453 2733be740ac 7 API calls _Strcoll 96439->96453 96441->96340 96442->96332 96443->96341 96444->96335 96445->96420 96446->96441 96447->96426 96448->96432 96449->96441 96450->96431 96451->96432 96452->96439 96453->96441 96455 2733be87c92 96454->96455 96456 2733be87c85 96454->96456 96458 2733be7d826 96455->96458 96481 2733be740cc 7 API calls _Strcoll 96455->96481 96480 2733be740cc 7 API calls _Strcoll 96456->96480 96458->96388 96458->96391 96460 2733be87cc9 96482 2733be6fbec 37 API calls _invalid_parameter_noinfo 96460->96482 96462->96358 96463->96364 96464->96368 96465->96366 96466->96379 96467->96384 96468->96415 96469->96401 96470->96415 96471->96377 96472->96415 96473->96415 96474->96414 96475->96411 96476->96415 96477->96360 96478->96366 96479->96364 96480->96458 96481->96460 96482->96458 96483 2733be7749c 96484 2733be774b2 96483->96484 96485 2733be774cd 96483->96485 96513 2733be740cc 7 API calls _Strcoll 96484->96513 96485->96484 96487 2733be774e6 96485->96487 96489 2733be774ec 96487->96489 96492 2733be77509 96487->96492 96488 2733be774b7 96514 2733be6fbec 37 API calls _invalid_parameter_noinfo 96488->96514 96515 2733be740cc 7 API calls _Strcoll 96489->96515 96507 2733be816e0 96492->96507 96497 2733be77783 96502 2733be775c6 96506 2733be774c3 96502->96506 96535 2733be81724 37 API calls _isindst 96502->96535 96503 2733be77566 96503->96506 96534 2733be81724 37 API calls _isindst 96503->96534 96508 2733be7750e 96507->96508 96509 2733be816ef 96507->96509 96516 2733be807f8 96508->96516 96536 2733be7a6cc EnterCriticalSection 96509->96536 96513->96488 96514->96506 96515->96506 96517 2733be80801 96516->96517 96521 2733be77523 96516->96521 96537 2733be740cc 7 API calls _Strcoll 96517->96537 96519 2733be80806 96538 2733be6fbec 37 API calls _invalid_parameter_noinfo 96519->96538 96521->96497 96522 2733be80828 96521->96522 96523 2733be80831 96522->96523 96527 2733be77534 96522->96527 96539 2733be740cc 7 API calls _Strcoll 96523->96539 96525 2733be80836 96540 2733be6fbec 37 API calls _invalid_parameter_noinfo 96525->96540 96527->96497 96528 2733be80858 96527->96528 96529 2733be80861 96528->96529 96530 2733be77545 96528->96530 96541 2733be740cc 7 API calls _Strcoll 96529->96541 96530->96497 96530->96502 96530->96503 96532 2733be80866 96542 2733be6fbec 37 API calls _invalid_parameter_noinfo 96532->96542 96534->96506 96535->96506 96537->96519 96538->96521 96539->96525 96540->96527 96541->96532 96542->96530 96543 2733be5667d 96544 2733be56682 96543->96544 96566 2733be570e0 96544->96566 96550 2733be56696 96618 2733be15d60 96550->96618 96567 2733be57127 memcpy_s 96566->96567 96568 2733be1e1d0 57 API calls 96567->96568 96570 2733be57130 96568->96570 96571 2733be57155 96570->96571 96678 2733be57390 96570->96678 96572 2733be1e100 38 API calls 96571->96572 96573 2733be57162 96572->96573 96574 2733be222d0 38 API calls 96573->96574 96584 2733be572a9 ISource 96573->96584 96575 2733be57194 96574->96575 96576 2733be225a0 38 API calls 96575->96576 96580 2733be571ac 96576->96580 96577 2733be8cb70 _Strcoll 3 API calls 96578 2733be5668c 96577->96578 96585 2733be1a1f0 96578->96585 96579 2733be57378 96581 2733be1eda0 38 API calls 96580->96581 96582 2733be57284 96581->96582 96583 2733be20fb0 38 API calls 96582->96583 96583->96584 96584->96577 96584->96579 96586 2733be1a340 96585->96586 96587 2733be0d6c0 38 API calls 96586->96587 96588 2733be1a396 ISource 96587->96588 96589 2733be0e9a0 44 API calls 96588->96589 96591 2733be1ac73 96588->96591 96592 2733be1a3f9 96589->96592 96594 2733be0e080 39 API calls 96591->96594 96601 2733be1aaa7 ISource 96592->96601 96710 2733be22100 96592->96710 96593 2733be1abf8 ISource 96595 2733be8cb70 _Strcoll 3 API calls 96593->96595 96602 2733be1ac8f 96594->96602 96597 2733be1ac24 96595->96597 96596 2733be1ac53 96765 2733be0e0f0 39 API calls Concurrency::cancel_current_task 96596->96765 96614 2733be15a90 96597->96614 96601->96593 96601->96596 96601->96602 96603 2733be59830 100 API calls 96612 2733be1a50d ISource _Strcoll 96603->96612 96605 2733be0d390 38 API calls 96605->96612 96606 2733be0d220 39 API calls 96606->96612 96607 2733be222d0 38 API calls 96607->96612 96608 2733be225a0 38 API calls 96608->96612 96609 2733be324f0 38 API calls 96609->96612 96610 2733be1eda0 38 API calls 96610->96612 96612->96591 96612->96601 96612->96602 96612->96603 96612->96605 96612->96606 96612->96607 96612->96608 96612->96609 96612->96610 96613 2733be20fb0 38 API calls 96612->96613 96721 2733be0d490 38 API calls 96612->96721 96722 2733be20a90 38 API calls 3 library calls 96612->96722 96723 2733be1ecc0 96612->96723 96756 2733be0e660 96612->96756 96613->96612 96615 2733be15ae5 96614->96615 96616 2733be8cb70 _Strcoll 3 API calls 96615->96616 96617 2733be15d1b 96616->96617 96617->96550 96802 2733be613b0 96618->96802 96621 2733be15d93 ISource 96624 2733be15ecf 96621->96624 96812 2733be58e10 SHGetKnownFolderPath 96621->96812 96622 2733be15e45 ISource 96623 2733be8cb70 _Strcoll 3 API calls 96622->96623 96622->96624 96625 2733be15eba 96623->96625 96626 2733be5e9f0 96625->96626 96627 2733be5ea0f _Strcoll 96626->96627 96823 2733be661f0 96627->96823 96629 2733be5ea48 96630 2733be222d0 38 API calls 96629->96630 96631 2733be5ea64 96630->96631 96836 2733be21fa0 96631->96836 96633 2733be5ea88 ISource 96639 2733be5f1bc 96633->96639 96840 2733be5adc0 96633->96840 96635 2733be5ebb4 recv 96642 2733be5eb63 _Yarn memcpy_s 96635->96642 96645 2733be5ec66 96635->96645 96637 2733be25cb0 38 API calls 96637->96642 96947 2733be0b870 38 API calls 96639->96947 96642->96635 96642->96637 96642->96645 96679 2733be573c7 RegOpenKeyExA 96678->96679 96680 2733be573c4 96678->96680 96681 2733be573f3 RegCloseKey 96679->96681 96685 2733be573f9 96679->96685 96680->96679 96681->96685 96682 2733be8cb70 _Strcoll 3 API calls 96683 2733be5748b 96682->96683 96683->96570 96686 2733be57427 96685->96686 96689 2733be57474 96685->96689 96691 2733be574a0 62 API calls 3 library calls 96685->96691 96692 2733be610a0 96686->96692 96688 2733be5744a 96688->96689 96690 2733be57390 65 API calls 96688->96690 96689->96682 96690->96688 96691->96685 96693 2733be61114 RegOpenKeyExA 96692->96693 96694 2733be6135b 96693->96694 96701 2733be61137 ISource 96693->96701 96696 2733be6136a 96694->96696 96697 2733be61364 RegCloseKey 96694->96697 96695 2733be61144 RegEnumKeyExA 96695->96701 96698 2733be8cb70 _Strcoll 3 API calls 96696->96698 96697->96696 96699 2733be6137c 96698->96699 96699->96688 96700 2733be61397 96709 2733be0b870 38 API calls 96700->96709 96701->96694 96701->96695 96701->96700 96704 2733be693f0 38 API calls 96701->96704 96706 2733be613a2 96701->96706 96707 2733be27370 38 API calls 4 library calls 96701->96707 96708 2733be30070 38 API calls 96701->96708 96704->96701 96707->96701 96711 2733be14e90 38 API calls 96710->96711 96712 2733be2214c 96711->96712 96766 2733be0e150 96712->96766 96715 2733be8cb98 std::_Facet_Register 38 API calls 96718 2733be221c4 96715->96718 96717 2733be22293 96719 2733be8cb70 _Strcoll 3 API calls 96717->96719 96784 2733be997f0 38 API calls __std_fs_directory_iterator_open 96718->96784 96720 2733be222af 96719->96720 96720->96612 96721->96612 96722->96612 96724 2733be1ecda 96723->96724 96725 2733be1ece0 96723->96725 96726 2733be1ecde 96724->96726 96727 2733be1ed4b 96724->96727 96728 2733be20840 38 API calls 96725->96728 96729 2733be1ed0c 96726->96729 96737 2733be1ed2d 96726->96737 96731 2733be24670 38 API calls 96727->96731 96728->96726 96730 2733be21730 3 API calls 96729->96730 96734 2733be1ed17 96730->96734 96732 2733be1ed71 96731->96732 96735 2733be24740 38 API calls 96732->96735 96733 2733be2a039 96800 2733be1e8f0 38 API calls 96733->96800 96734->96612 96740 2733be1ed84 Concurrency::cancel_current_task 96735->96740 96737->96733 96738 2733be2a034 96737->96738 96742 2733be29f9b 96737->96742 96743 2733be29f6f 96737->96743 96750 2733be29f5d 96737->96750 96799 2733be0b7b0 38 API calls 2 library calls 96738->96799 96741 2733be2a03f 96744 2733be8cb98 std::_Facet_Register 38 API calls 96742->96744 96743->96738 96746 2733be29f7c 96743->96746 96744->96750 96745 2733be21730 3 API calls 96747 2733be29fd4 96745->96747 96748 2733be8cb98 std::_Facet_Register 38 API calls 96746->96748 96749 2733be29fe5 96747->96749 96796 2733be2a210 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _Strcoll 96747->96796 96748->96750 96797 2733be2a210 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _Strcoll 96749->96797 96750->96741 96750->96745 96753 2733be2a00f 96798 2733be26c80 38 API calls ISource 96753->96798 96755 2733be2a021 96755->96612 96758 2733be0e690 96756->96758 96757 2733be997d0 2 API calls 96757->96758 96758->96757 96759 2733be0e75e 96758->96759 96760 2733be0e6cb 96758->96760 96801 2733be0df70 38 API calls 2 library calls 96759->96801 96761 2733be8cb70 _Strcoll 3 API calls 96760->96761 96764 2733be0e749 96761->96764 96763 2733be0e76c 96764->96612 96767 2733be0e18f 96766->96767 96768 2733be0e2bf ISource 96767->96768 96769 2733be14e90 38 API calls 96767->96769 96770 2733be8cb70 _Strcoll 3 API calls 96768->96770 96778 2733be0e385 96768->96778 96772 2733be0e1c9 96769->96772 96771 2733be0e36e 96770->96771 96771->96715 96771->96718 96773 2733be14c00 38 API calls 96772->96773 96774 2733be0e1f7 96773->96774 96775 2733be0cff0 38 API calls 96774->96775 96776 2733be0e21d ISource 96775->96776 96776->96778 96785 2733be99810 96776->96785 96779 2733be0e288 96780 2733be0e28e 96779->96780 96781 2733be0e2c6 96779->96781 96780->96768 96792 2733be997d0 FindNextFileW 96780->96792 96781->96768 96782 2733be0e9a0 44 API calls 96781->96782 96782->96768 96784->96717 96786 2733be9983b FindFirstFileExW 96785->96786 96787 2733be9982e FindClose 96785->96787 96789 2733be99862 __std_fs_convert_narrow_to_wide 96786->96789 96787->96786 96788 2733be9987c 96787->96788 96795 2733be77bc4 37 API calls __std_fs_directory_iterator_open 96788->96795 96789->96779 96793 2733be997de 96792->96793 96794 2733be997e5 GetLastError 96792->96794 96793->96780 96796->96749 96797->96753 96798->96755 96799->96733 96801->96763 96820 2733be9f960 96802->96820 96804 2733be61418 GetLogicalDriveStringsW 96805 2733be6147f 96804->96805 96807 2733be61434 96804->96807 96806 2733be8cb70 _Strcoll 3 API calls 96805->96806 96808 2733be6162f 96806->96808 96807->96805 96809 2733be14c00 38 API calls 96807->96809 96808->96621 96810 2733be61467 96809->96810 96822 2733be1fa70 38 API calls _Yarn 96810->96822 96813 2733be58e77 96812->96813 96814 2733be58f25 CoTaskMemFree 96812->96814 96817 2733be14c00 38 API calls 96813->96817 96815 2733be8cb70 _Strcoll 3 API calls 96814->96815 96816 2733be58f40 96815->96816 96816->96622 96818 2733be58ea9 ISource 96817->96818 96818->96814 96819 2733be58f52 96818->96819 96821 2733be9f950 96820->96821 96821->96804 96821->96821 96822->96805 96824 2733be6625d memcpy_s 96823->96824 96825 2733be8cb98 std::_Facet_Register 38 API calls 96824->96825 96826 2733be66268 96825->96826 96827 2733be73fc4 37 API calls 96826->96827 96828 2733be66325 memcpy_s 96827->96828 96948 2733be52320 96828->96948 96830 2733be66372 96960 2733be665d0 96830->96960 96832 2733be8cb70 _Strcoll 3 API calls 96835 2733be664a7 96832->96835 96833 2733be664be ISource 96833->96629 96834 2733be6640e ISource 96834->96832 96834->96833 96835->96629 96837 2733be21fc9 96836->96837 96838 2733be20dc0 38 API calls 96837->96838 96839 2733be21fd7 96838->96839 96839->96633 96841 2733be5ae34 96840->96841 96842 2733be5addc 96840->96842 96841->96642 96843 2733be5adf0 send 96842->96843 96844 2733be5ae1c 96842->96844 96843->96842 96843->96844 96844->96642 96949 2733be52426 96948->96949 96952 2733be52358 96948->96952 96965 2733be0b870 38 API calls 96949->96965 96953 2733be5235e memcpy_s 96952->96953 96955 2733be523e8 96952->96955 96956 2733be52393 96952->96956 96953->96830 96954 2733be8cb98 std::_Facet_Register 38 API calls 96958 2733be523a9 96954->96958 96957 2733be8cb98 std::_Facet_Register 38 API calls 96955->96957 96956->96954 96956->96958 96957->96953 96958->96953 96964 2733be0b7b0 38 API calls 2 library calls 96958->96964 96961 2733be66600 96960->96961 96962 2733be8cb70 _Strcoll 3 API calls 96961->96962 96963 2733be66f13 96962->96963 96963->96834 96964->96949 96984 2733be66929 96985 2733be66954 96984->96985 96993 2733be6693f 96984->96993 96990 2733be6695d 96985->96990 96991 2733be66b20 96985->96991 96986 2733be66b89 96989 2733be665d0 3 API calls 96986->96989 96987 2733be66aaa 96996 2733be665d0 3 API calls 96987->96996 96988 2733be8cb70 _Strcoll 3 API calls 96992 2733be66f13 96988->96992 96989->96993 96995 2733be25b00 38 API calls 96990->96995 96997 2733be669ba memcpy_s 96990->96997 96991->96986 96994 2733be665d0 3 API calls 96991->96994 96993->96988 96994->96991 96995->96997 96996->96993 96997->96987 96998 2733be665d0 3 API calls 96997->96998 96998->96997 96999 2733be21925 97000 2733be8cb98 std::_Facet_Register 38 API calls 96999->97000 97001 2733be21937 97000->97001 97002 2733be1fe50 38 API calls 97001->97002 97003 2733be21951 97002->97003 97004 2733be8cb70 _Strcoll 3 API calls 97003->97004 97005 2733be21a33 97004->97005 97006 2733be59b50 97007 2733be59b80 97006->97007 97008 2733be998c0 44 API calls 97007->97008 97009 2733be59b99 97008->97009 97010 2733be8cb70 _Strcoll 3 API calls 97009->97010 97011 2733be59bd6 97010->97011 97012 2733be17b8d 97013 2733be17b9c 97012->97013 97014 2733be17bbe 97013->97014 97105 2733be0e900 46 API calls _Strcoll 97013->97105 97019 2733be17bc2 ISource 97014->97019 97097 2733be0e610 51 API calls 97014->97097 97017 2733be18fd2 ISource 97018 2733be8cb70 _Strcoll 3 API calls 97017->97018 97020 2733be18ffd 97018->97020 97019->97017 97021 2733be1901e 97019->97021 97023 2733be19033 97019->97023 97022 2733be0e080 39 API calls 97021->97022 97022->97023 97024 2733be0d390 38 API calls 97025 2733be17c4c 97024->97025 97025->97024 97026 2733be17eec 97025->97026 97033 2733be59830 100 API calls 97025->97033 97034 2733be0e660 40 API calls 97025->97034 97039 2733be0d220 39 API calls 97025->97039 97042 2733be225a0 38 API calls 97025->97042 97047 2733be1eee0 38 API calls 97025->97047 97063 2733be22510 38 API calls 97025->97063 97069 2733be1fe50 38 API calls 97025->97069 97072 2733be1eda0 38 API calls 97025->97072 97076 2733be1ecc0 38 API calls 97025->97076 97106 2733be1ef40 38 API calls 97025->97106 97107 2733be1f920 8 API calls 2 library calls 97025->97107 97108 2733be22570 38 API calls 97025->97108 97109 2733be1eec0 97025->97109 97027 2733be0d6c0 38 API calls 97026->97027 97028 2733be18000 97027->97028 97098 2733be0e900 46 API calls _Strcoll 97028->97098 97030 2733be18023 97049 2733be183d1 97030->97049 97099 2733be0e610 51 API calls 97030->97099 97033->97025 97034->97025 97036 2733be18886 97115 2733be16130 102 API calls 2 library calls 97036->97115 97038 2733be18899 97038->97019 97116 2733be20a90 38 API calls 3 library calls 97038->97116 97039->97025 97041 2733be188cb 97043 2733be20fb0 38 API calls 97041->97043 97042->97025 97044 2733be1897b 97043->97044 97045 2733be8cb98 std::_Facet_Register 38 API calls 97044->97045 97053 2733be18996 97045->97053 97046 2733be0e9a0 44 API calls 97096 2733be1803e 97046->97096 97047->97025 97049->97019 97112 2733be23680 59 API calls 97049->97112 97050 2733be1fe50 38 API calls 97061 2733be184f9 ISource _Strcoll 97050->97061 97051 2733be59830 100 API calls 97051->97096 97052 2733be0e660 40 API calls 97052->97096 97055 2733be1eda0 38 API calls 97053->97055 97058 2733be18a46 97055->97058 97060 2733be20fb0 38 API calls 97058->97060 97062 2733be18a82 97060->97062 97061->97019 97061->97023 97061->97036 97061->97050 97113 2733be23eb0 38 API calls 2 library calls 97061->97113 97114 2733be29500 38 API calls 3 library calls 97061->97114 97064 2733be222d0 38 API calls 97062->97064 97063->97025 97066 2733be18ab6 97064->97066 97065 2733be0d220 39 API calls 97065->97096 97067 2733be225a0 38 API calls 97066->97067 97070 2733be18ad2 97067->97070 97068 2733be225a0 38 API calls 97068->97096 97069->97025 97074 2733be1eda0 38 API calls 97070->97074 97071 2733be22510 38 API calls 97071->97096 97072->97025 97073 2733be1eee0 38 API calls 97073->97096 97075 2733be18b28 97074->97075 97077 2733be20fb0 38 API calls 97075->97077 97076->97025 97078 2733be18b4f ISource 97077->97078 97078->97023 97080 2733be1fe50 38 API calls 97078->97080 97082 2733be18bbe 97080->97082 97081 2733be1f920 8 API calls 97081->97096 97083 2733be1eda0 38 API calls 97082->97083 97085 2733be18bce 97083->97085 97086 2733be1ecc0 38 API calls 97085->97086 97087 2733be18bda 97086->97087 97088 2733be20fb0 38 API calls 97087->97088 97088->97019 97089 2733be1fe50 38 API calls 97089->97096 97090 2733be1eda0 38 API calls 97090->97096 97091 2733be1ecc0 38 API calls 97091->97096 97092 2733be0d390 38 API calls 97092->97096 97094 2733be1eec0 38 API calls 97094->97096 97095 2733be234d0 38 API calls 97095->97096 97096->97021 97096->97046 97096->97049 97096->97051 97096->97052 97096->97065 97096->97068 97096->97071 97096->97073 97096->97081 97096->97089 97096->97090 97096->97091 97096->97092 97096->97094 97096->97095 97100 2733be1ef40 38 API calls 97096->97100 97101 2733be22570 38 API calls 97096->97101 97102 2733be0d350 97096->97102 97097->97025 97098->97030 97099->97096 97100->97096 97101->97096 97103 2733be14e90 38 API calls 97102->97103 97104 2733be0d370 97103->97104 97104->97096 97105->97014 97106->97025 97107->97025 97108->97025 97110 2733be20fb0 38 API calls 97109->97110 97111 2733be1eed8 97110->97111 97111->97025 97112->97061 97113->97061 97114->97061 97115->97038 97116->97041 97117 2733be5664c 97118 2733be56651 97117->97118 97156 2733be1c8c0 CreateToolhelp32Snapshot 97118->97156 97134 2733be5667a 97135 2733be570e0 68 API calls 97134->97135 97136 2733be5668c 97135->97136 97157 2733be1c927 memcpy_s 97156->97157 97158 2733be1e1d0 57 API calls 97157->97158 97159 2733be1c933 97158->97159 97160 2733be1c93e Process32FirstW 97159->97160 97161 2733be1cb51 97159->97161 97160->97161 97175 2733be1c95a ISource 97160->97175 97162 2733be1e100 38 API calls 97161->97162 97163 2733be1cb64 97162->97163 97165 2733be222d0 38 API calls 97163->97165 97169 2733be1cd66 ISource ProcessCodePage 97163->97169 97164 2733be51bf0 38 API calls 97164->97175 97166 2733be1cba3 97165->97166 97168 2733be225a0 38 API calls 97166->97168 97167 2733be29230 38 API calls 97167->97175 97173 2733be1cbb8 97168->97173 97171 2733be8cb70 _Strcoll 3 API calls 97169->97171 97177 2733be1ce53 97169->97177 97170 2733be236b0 38 API calls 97170->97175 97172 2733be1ce32 97171->97172 97184 2733be1cf60 97172->97184 97174 2733be1eda0 38 API calls 97173->97174 97176 2733be1cc8b 97174->97176 97175->97164 97175->97167 97175->97170 97175->97177 97182 2733be27060 38 API calls 97175->97182 97183 2733be1cb23 Process32NextW 97175->97183 97337 2733be21cf0 97175->97337 97178 2733be1eda0 38 API calls 97176->97178 97180 2733be1cd41 97178->97180 97181 2733be20fb0 38 API calls 97180->97181 97181->97169 97182->97175 97183->97161 97183->97175 97185 2733be1cfb4 memcpy_s 97184->97185 97186 2733be1e1d0 57 API calls 97185->97186 97187 2733be1cfc0 97186->97187 97188 2733be610a0 41 API calls 97187->97188 97207 2733be1d51d ISource 97188->97207 97189 2733be1d6a5 97190 2733be610a0 41 API calls 97189->97190 97212 2733be1d6c6 ISource 97190->97212 97191 2733be1d855 97192 2733be1e100 38 API calls 97191->97192 97193 2733be1d86e 97192->97193 97195 2733be222d0 38 API calls 97193->97195 97204 2733be1da2b ISource 97193->97204 97194 2733be29230 38 API calls 97194->97212 97197 2733be1d89e 97195->97197 97196 2733be236b0 38 API calls 97196->97207 97199 2733be225a0 38 API calls 97197->97199 97198 2733be21cf0 56 API calls 97198->97207 97205 2733be1d8b5 97199->97205 97200 2733be29230 38 API calls 97200->97207 97201 2733be21cf0 56 API calls 97201->97212 97202 2733be236b0 38 API calls 97202->97212 97203 2733be27060 38 API calls 97203->97207 97209 2733be1dc51 97204->97209 97210 2733be8cb70 _Strcoll 3 API calls 97204->97210 97206 2733be1eda0 38 API calls 97205->97206 97213 2733be1d96e 97206->97213 97207->97189 97207->97196 97207->97198 97207->97200 97207->97203 97207->97209 97208 2733be27060 38 API calls 97208->97212 97211 2733be1dc30 97210->97211 97217 2733be1dc90 97211->97217 97212->97191 97212->97194 97212->97201 97212->97202 97212->97208 97212->97209 97214 2733be1eda0 38 API calls 97213->97214 97215 2733be1da06 97214->97215 97216 2733be20fb0 38 API calls 97215->97216 97216->97204 97341 2733be64220 GetEnvironmentStringsW 97217->97341 97219 2733be1dce6 memcpy_s 97220 2733be1e1d0 57 API calls 97219->97220 97230 2733be1dd01 ISource _Yarn 97220->97230 97221 2733be1de0a 97222 2733be1e100 38 API calls 97221->97222 97223 2733be1de17 97222->97223 97225 2733be222d0 38 API calls 97223->97225 97232 2733be1e006 ISource 97223->97232 97226 2733be1de47 97225->97226 97229 2733be225a0 38 API calls 97226->97229 97227 2733be1e0e3 97231 2733be1de5e 97229->97231 97230->97221 97230->97227 97233 2733be21cf0 56 API calls 97230->97233 97237 2733be27060 38 API calls 97230->97237 97349 2733be51d00 38 API calls 2 library calls 97230->97349 97350 2733be29230 97230->97350 97236 2733be1eda0 38 API calls 97231->97236 97232->97227 97234 2733be8cb70 _Strcoll 3 API calls 97232->97234 97233->97230 97235 2733be1e0c2 97234->97235 97242 2733be1acc0 CredEnumerateA 97235->97242 97238 2733be1df2b 97236->97238 97237->97230 97239 2733be1eda0 38 API calls 97238->97239 97240 2733be1dfe1 97239->97240 97241 2733be20fb0 38 API calls 97240->97241 97241->97232 97243 2733be1b74c 97242->97243 97262 2733be1ad30 ISource 97242->97262 97245 2733be8cb70 _Strcoll 3 API calls 97243->97245 97244 2733be1b73f CredFree 97244->97243 97246 2733be1b75b 97245->97246 97266 2733be40d70 97246->97266 97248 2733be222d0 38 API calls 97248->97262 97249 2733be225a0 38 API calls 97249->97262 97250 2733be23990 38 API calls 97250->97262 97251 2733be1eda0 38 API calls 97251->97262 97252 2733be8cb98 38 API calls std::_Facet_Register 97252->97262 97254 2733be1b77c 97258 2733be24670 38 API calls 97254->97258 97255 2733be23ba1 97256 2733be20840 38 API calls 97256->97262 97260 2733be1b7a7 97258->97260 97264 2733be24740 38 API calls 97260->97264 97262->97244 97262->97248 97262->97249 97262->97250 97262->97251 97262->97252 97262->97254 97262->97256 97263 2733be20fb0 38 API calls 97262->97263 97265 2733be1b7bc ISource Concurrency::cancel_current_task 97262->97265 97366 2733be39100 38 API calls std::_Facet_Register 97262->97366 97367 2733be29d50 38 API calls 2 library calls 97262->97367 97368 2733be1e3a0 38 API calls ISource 97262->97368 97263->97262 97264->97265 97265->97255 97369 2733be26000 38 API calls ISource 97265->97369 97370 2733be30000 38 API calls 97265->97370 97267 2733be41082 97266->97267 97276 2733be40dc5 ISource 97266->97276 97268 2733be8cb70 _Strcoll 3 API calls 97267->97268 97269 2733be4108e 97268->97269 97278 2733be43a60 97269->97278 97270 2733be0e9a0 44 API calls 97270->97276 97271 2733be410c3 97372 2733be0e0f0 39 API calls Concurrency::cancel_current_task 97271->97372 97273 2733be0d6c0 38 API calls 97273->97276 97274 2733be410af 97371 2733be0e0f0 39 API calls Concurrency::cancel_current_task 97274->97371 97276->97267 97276->97270 97276->97271 97276->97273 97276->97274 97277 2733be410d8 97276->97277 97279 2733be43d72 97278->97279 97289 2733be43ab5 ISource 97278->97289 97280 2733be8cb70 _Strcoll 3 API calls 97279->97280 97281 2733be43d7e 97280->97281 97290 2733be11100 97281->97290 97282 2733be0d6c0 38 API calls 97282->97289 97283 2733be0e9a0 44 API calls 97283->97289 97284 2733be43db3 97374 2733be0e0f0 39 API calls Concurrency::cancel_current_task 97284->97374 97286 2733be43dc8 97287 2733be43d9f 97373 2733be0e0f0 39 API calls Concurrency::cancel_current_task 97287->97373 97289->97279 97289->97282 97289->97283 97289->97284 97289->97286 97289->97287 97375 2733be0f1c0 97290->97375 97293 2733be11133 97295 2733be111ef ISource 97293->97295 97298 2733be113de 97293->97298 97385 2733be102e0 105 API calls 2 library calls 97293->97385 97295->97298 97380 2733be0f8b0 97295->97380 97296 2733be8cb70 _Strcoll 3 API calls 97297 2733be113c5 97296->97297 97302 2733be19090 97297->97302 97299 2733be11245 97299->97298 97301 2733be11361 ISource 97299->97301 97386 2733be102e0 105 API calls 2 library calls 97299->97386 97301->97296 97301->97298 97303 2733be1a11e 97302->97303 97333 2733be190ec ISource 97302->97333 97304 2733be8cb70 _Strcoll 3 API calls 97303->97304 97305 2733be1a12d 97304->97305 97305->97134 97306 2733be0d6c0 38 API calls 97306->97333 97307 2733be1a173 97455 2733be0e0f0 39 API calls Concurrency::cancel_current_task 97307->97455 97310 2733be234d0 38 API calls 97310->97333 97311 2733be1a153 97454 2733be0e0f0 39 API calls Concurrency::cancel_current_task 97311->97454 97312 2733be1a18e 97456 2733be215a0 38 API calls 97312->97456 97316 2733be0e9a0 44 API calls 97316->97333 97317 2733be22100 50 API calls 97317->97333 97318 2733be1a1e0 97319 2733be1a1b2 97320 2733be0e080 39 API calls 97319->97320 97320->97318 97321 2733be20840 38 API calls 97321->97333 97322 2733be222d0 38 API calls 97322->97333 97323 2733be225a0 38 API calls 97323->97333 97324 2733be59830 100 API calls 97324->97333 97325 2733be1fe50 38 API calls 97325->97333 97327 2733be0d390 38 API calls 97327->97333 97328 2733be0e660 40 API calls 97328->97333 97329 2733be0d220 39 API calls 97329->97333 97330 2733be20fb0 38 API calls 97330->97333 97331 2733be324f0 38 API calls 97331->97333 97332 2733be1eda0 38 API calls 97332->97333 97333->97303 97333->97306 97333->97307 97333->97310 97333->97311 97333->97312 97333->97316 97333->97317 97333->97318 97333->97319 97333->97321 97333->97322 97333->97323 97333->97324 97333->97325 97333->97327 97333->97328 97333->97329 97333->97330 97333->97331 97333->97332 97334 2733be1ecc0 38 API calls 97333->97334 97387 2733be5a6d0 97333->97387 97445 2733be51ea0 CryptUnprotectData 97333->97445 97453 2733be20a90 38 API calls 3 library calls 97333->97453 97334->97333 97338 2733be21d14 97337->97338 97339 2733be21dd0 56 API calls 97338->97339 97340 2733be21d26 97339->97340 97340->97175 97343 2733be64270 ISource 97341->97343 97345 2733be64338 FreeEnvironmentStringsW 97343->97345 97346 2733be64365 97343->97346 97362 2733be67c20 38 API calls 3 library calls 97343->97362 97363 2733be6b090 38 API calls 5 library calls 97343->97363 97345->97219 97347 2733be643a3 RtlInitUnicodeString RtlInitUnicodeString 97346->97347 97348 2733be643d4 97346->97348 97347->97219 97348->97219 97349->97230 97351 2733be29274 97350->97351 97352 2733be27060 38 API calls 97351->97352 97354 2733be292a9 97351->97354 97352->97354 97353 2733be292dd 97355 2733be294a5 97353->97355 97356 2733be2945c 97353->97356 97354->97353 97361 2733be1f690 38 API calls 97354->97361 97365 2733be0cc70 38 API calls 97355->97365 97359 2733be2946d 97356->97359 97364 2733be27b40 38 API calls 2 library calls 97356->97364 97359->97230 97360 2733be294e9 Concurrency::cancel_current_task 97361->97353 97362->97343 97363->97343 97364->97359 97365->97360 97366->97262 97367->97262 97369->97265 97379 2733be0f4c0 ISource 97375->97379 97376 2733be8cb70 _Strcoll 3 API calls 97378 2733be0f694 97376->97378 97377 2733be0f7d2 97377->97293 97378->97293 97379->97376 97379->97377 97384 2733be0fbb0 ISource 97380->97384 97381 2733be8cb70 _Strcoll 3 API calls 97383 2733be0fd84 97381->97383 97382 2733be0fec2 97383->97299 97384->97381 97384->97382 97385->97295 97386->97301 97388 2733be5a763 97387->97388 97389 2733be0d6c0 38 API calls 97388->97389 97390 2733be5a788 ISource 97389->97390 97391 2733be0e9a0 44 API calls 97390->97391 97392 2733be5acd7 97390->97392 97446 2733be51f06 97445->97446 97447 2733be51fcc 97445->97447 97449 2733be51f2d _Yarn memcpy_s 97446->97449 97450 2733be25b00 38 API calls 97446->97450 97448 2733be8cb70 _Strcoll 3 API calls 97447->97448 97451 2733be51fe6 97448->97451 97452 2733be51f86 LocalFree 97449->97452 97450->97449 97451->97333 97452->97447 97453->97333 97465 2733be698ee 97470 2733be6a1e0 97465->97470 97468 2733be8cb70 _Strcoll 3 API calls 97469 2733be6992b 97468->97469 97471 2733be6a206 97470->97471 97472 2733be6a232 97471->97472 97473 2733be4b010 38 API calls 97471->97473 97474 2733be6abc0 38 API calls 97472->97474 97473->97472 97476 2733be6a297 97474->97476 97475 2733be698f6 97475->97468 97476->97475 97478 2733be6abc0 38 API calls 97476->97478 97479 2733be25990 38 API calls 4 library calls 97476->97479 97478->97476 97479->97476 97480 2733be6662b 97481 2733be66651 97480->97481 97483 2733be6663c 97480->97483 97482 2733be6665a 97481->97482 97498 2733be6681f 97481->97498 97485 2733be1fc80 38 API calls 97482->97485 97497 2733be666b2 97482->97497 97484 2733be8cb70 _Strcoll 3 API calls 97483->97484 97487 2733be66f13 97484->97487 97485->97497 97486 2733be668cf 97488 2733be670b0 38 API calls 97486->97488 97490 2733be668e8 97488->97490 97489 2733be670b0 38 API calls 97489->97498 97493 2733be665d0 3 API calls 97490->97493 97491 2733be66782 97492 2733be670b0 38 API calls 97491->97492 97496 2733be667bb 97492->97496 97493->97483 97494 2733be665d0 3 API calls 97494->97498 97495 2733be670b0 38 API calls 97495->97497 97500 2733be665d0 3 API calls 97496->97500 97497->97491 97497->97495 97499 2733be665d0 3 API calls 97497->97499 97498->97486 97498->97489 97498->97494 97499->97497 97500->97483 97501 2733be6c80b 97575 2733be4b5f0 97501->97575 97503 2733be8cb70 _Strcoll 3 API calls 97504 2733be6d1e6 97503->97504 97505 2733be6ca48 97506 2733be69610 38 API calls 97505->97506 97508 2733be6ca50 97506->97508 97507 2733be69610 38 API calls 97513 2733be6c66e 97507->97513 97509 2733be6ca5c 97508->97509 97518 2733be6ce8c 97508->97518 97593 2733be4a810 97509->97593 97510 2733be6cc6d 97608 2733be48950 38 API calls 4 library calls 97510->97608 97511 2733be6cd22 97611 2733be48950 38 API calls 4 library calls 97511->97611 97513->97505 97513->97507 97513->97510 97513->97511 97515 2733be4a9b0 38 API calls 97513->97515 97566 2733be6cb35 97513->97566 97514 2733be6ca74 97519 2733be69610 38 API calls 97514->97519 97515->97513 97617 2733be48950 38 API calls 4 library calls 97518->97617 97522 2733be6ca80 97519->97522 97520 2733be6ccd3 97609 2733be45630 38 API calls _Strcoll 97520->97609 97521 2733be6cd88 97612 2733be45630 38 API calls _Strcoll 97521->97612 97526 2733be6ca8c 97522->97526 97535 2733be6cdd7 97522->97535 97530 2733be69610 38 API calls 97526->97530 97527 2733be6cce3 97531 2733be6ccf2 97527->97531 97574 2733be6d260 Concurrency::cancel_current_task 97527->97574 97528 2733be6cd98 97532 2733be6cda7 97528->97532 97538 2733be6d27d Concurrency::cancel_current_task 97528->97538 97529 2733be6cef2 97618 2733be45630 38 API calls _Strcoll 97529->97618 97544 2733be6ca94 97530->97544 97610 2733be0ed70 8 API calls __std_exception_destroy 97531->97610 97613 2733be0ed70 8 API calls __std_exception_destroy 97532->97613 97614 2733be48950 38 API calls 4 library calls 97535->97614 97536 2733be6cf02 97539 2733be6cf11 97536->97539 97553 2733be6d2b7 Concurrency::cancel_current_task 97536->97553 97624 2733be44110 38 API calls 97538->97624 97619 2733be0ed70 8 API calls __std_exception_destroy 97539->97619 97605 2733be48950 38 API calls 4 library calls 97544->97605 97545 2733be6ce3d 97615 2733be45630 38 API calls _Strcoll 97545->97615 97547 2733be6d29a Concurrency::cancel_current_task 97625 2733be44110 38 API calls 97547->97625 97550 2733be6ce4d 97550->97547 97554 2733be6ce5c 97550->97554 97551 2733be6d2d4 Concurrency::cancel_current_task 97627 2733be44110 38 API calls 97551->97627 97626 2733be44110 38 API calls 97553->97626 97616 2733be0ed70 8 API calls __std_exception_destroy 97554->97616 97555 2733be6cb02 97606 2733be45630 38 API calls _Strcoll 97555->97606 97558 2733be6cb12 97560 2733be6d21a 97558->97560 97561 2733be6cb21 97558->97561 97620 2733be44110 38 API calls 97560->97620 97607 2733be0ed70 8 API calls __std_exception_destroy 97561->97607 97562 2733be6d2f1 Concurrency::cancel_current_task 97628 2733be44110 38 API calls 97562->97628 97566->97503 97567 2733be6d226 Concurrency::cancel_current_task 97621 2733be44110 38 API calls 97567->97621 97568 2733be6d30e Concurrency::cancel_current_task 97629 2733be44110 38 API calls 97568->97629 97571 2733be6d32b Concurrency::cancel_current_task 97572 2733be6d243 Concurrency::cancel_current_task 97622 2733be4a710 38 API calls 97572->97622 97623 2733be44110 38 API calls 97574->97623 97576 2733be4b685 97575->97576 97577 2733be4b610 97575->97577 97578 2733be4b6f7 97576->97578 97579 2733be4b68f 97576->97579 97580 2733be20fb0 38 API calls 97577->97580 97583 2733be20fb0 38 API calls 97578->97583 97581 2733be4b6c4 97579->97581 97582 2733be4b69d 97579->97582 97584 2733be4b635 97580->97584 97630 2733be4e4b0 38 API calls 2 library calls 97581->97630 97586 2733be20fb0 38 API calls 97582->97586 97588 2733be4b71c 97583->97588 97585 2733be20fb0 38 API calls 97584->97585 97589 2733be4b671 97585->97589 97590 2733be4b6b6 97586->97590 97591 2733be20fb0 38 API calls 97588->97591 97589->97513 97590->97513 97592 2733be4b759 97591->97592 97592->97513 97594 2733be4a835 97593->97594 97595 2733be4a868 97594->97595 97596 2733be4a911 97594->97596 97599 2733be4a8c0 97594->97599 97597 2733be8cb98 std::_Facet_Register 38 API calls 97595->97597 97631 2733be0b890 38 API calls 97596->97631 97600 2733be4a88c 97597->97600 97599->97514 97602 2733be1fe50 38 API calls 97600->97602 97603 2733be4a8a8 97602->97603 97604 2733be20840 38 API calls 97603->97604 97604->97599 97605->97555 97606->97558 97607->97566 97608->97520 97609->97527 97610->97566 97611->97521 97612->97528 97613->97566 97614->97545 97615->97550 97616->97566 97617->97529 97618->97536 97619->97566 97620->97567 97621->97572 97622->97574 97623->97538 97624->97547 97625->97553 97626->97551 97627->97562 97628->97568 97629->97571 97630->97590

                                                                                        Executed Functions

                                                                                        Function 000002733BE5FB30 Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 225windowCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Object$DeleteMetricsSystem$CreateSelectStream_$CapsCompatibleCriticalDeviceReleaseSection$BitmapEnterLeaveReadResetSizeStream
                                                                                        • String ID:
                                                                                        • API String ID: 3214587331-3916222277
                                                                                        • Opcode ID: e8e9b911cd9b9f557c011d0a693391b94df579aa06795856880fde4b09ecdcd5
                                                                                        • Instruction ID: e8dfaef397f0c5545f025d72632950568a32b5e5782e0ff40d9389c9dc106de8
                                                                                        • Opcode Fuzzy Hash: e8e9b911cd9b9f557c011d0a693391b94df579aa06795856880fde4b09ecdcd5
                                                                                        • Instruction Fuzzy Hash: B7B11E7261DBC086E670EB25F8583DAB7A5F789B80F404655DA8E43B69DF38C184DB80
                                                                                        Function 000002733BE998C0 Relevance: 27.2, APIs: 18, Instructions: 229fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 40 2733be998c0-2733be99900 41 2733be99902-2733be99909 40->41 42 2733be99915-2733be9991e 40->42 41->42 43 2733be9990b-2733be99910 41->43 44 2733be99920-2733be99923 42->44 45 2733be9993a-2733be9993c 42->45 46 2733be99b94-2733be99bba call 2733be8cb70 43->46 44->45 47 2733be99925-2733be9992d 44->47 48 2733be99b92 45->48 49 2733be99942-2733be99946 45->49 50 2733be9992f-2733be99931 47->50 51 2733be99933-2733be99936 47->51 48->46 53 2733be9994c-2733be9994f 49->53 54 2733be99a1d-2733be99a44 call 2733be99c94 49->54 50->45 50->51 51->45 56 2733be99951-2733be99959 53->56 57 2733be99963-2733be99975 GetFileAttributesExW 53->57 64 2733be99a66-2733be99a6f 54->64 65 2733be99a46-2733be99a4f 54->65 56->57 59 2733be9995b-2733be9995d 56->59 61 2733be999c8-2733be999d7 57->61 62 2733be99977-2733be99980 call 2733beb2160 57->62 59->54 59->57 63 2733be999db-2733be999dd 61->63 62->46 74 2733be99986-2733be99998 FindFirstFileW 62->74 70 2733be999df-2733be999e7 63->70 71 2733be999e9-2733be99a17 63->71 68 2733be99b23-2733be99b2c 64->68 69 2733be99a75-2733be99a8d GetFileInformationByHandleEx 64->69 72 2733be99a5f-2733be99a61 65->72 73 2733be99a51-2733be99a59 call 2733beb2138 65->73 77 2733be99b7b-2733be99b7d 68->77 78 2733be99b2e-2733be99b42 GetFileInformationByHandleEx 68->78 75 2733be99a8f-2733be99a9b call 2733beb2160 69->75 76 2733be99ab5-2733be99ace 69->76 70->54 70->71 71->48 71->54 72->46 73->72 89 2733be99bd5-2733be99bda call 2733be77bc4 73->89 81 2733be999a5-2733be999c6 FindClose 74->81 82 2733be9999a-2733be999a0 call 2733beb2160 74->82 101 2733be99aae-2733be99ab0 75->101 102 2733be99a9d-2733be99aa8 call 2733beb2138 75->102 76->68 88 2733be99ad0-2733be99ad4 76->88 83 2733be99bbb-2733be99bbf 77->83 84 2733be99b7f-2733be99b83 77->84 86 2733be99b44-2733be99b50 call 2733beb2160 78->86 87 2733be99b68-2733be99b78 78->87 81->63 82->46 94 2733be99bce-2733be99bd3 83->94 95 2733be99bc1-2733be99bcc call 2733beb2138 83->95 84->48 91 2733be99b85-2733be99b90 call 2733beb2138 84->91 86->101 111 2733be99b56-2733be99b61 call 2733beb2138 86->111 87->77 96 2733be99b1c 88->96 97 2733be99ad6-2733be99af0 GetFileInformationByHandleEx 88->97 115 2733be99bdb-2733be99be0 call 2733be77bc4 89->115 91->48 91->89 94->46 95->89 95->94 103 2733be99b20 96->103 106 2733be99af2-2733be99afe call 2733beb2160 97->106 107 2733be99b13-2733be99b1a 97->107 101->46 102->101 120 2733be99be7-2733be99bef call 2733be77bc4 102->120 103->68 106->101 118 2733be99b00-2733be99b0b call 2733beb2138 106->118 107->103 122 2733be99be1-2733be99be6 call 2733be77bc4 111->122 123 2733be99b63 111->123 115->122 118->115 130 2733be99b11 118->130 122->120 123->101 130->101
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
                                                                                        • String ID:
                                                                                        • API String ID: 2398595512-0
                                                                                        • Opcode ID: 9b9cafa6476ba7d57e6375b49b2d31870033937920a690a77e8b0d8031f3f21f
                                                                                        • Instruction ID: a8de14c7586719cecb2f14717bac6268d9111356aa38cf3a8c026aa185ff09ea
                                                                                        • Opcode Fuzzy Hash: 9b9cafa6476ba7d57e6375b49b2d31870033937920a690a77e8b0d8031f3f21f
                                                                                        • Instruction Fuzzy Hash: 0E91A53530DA0186E674EB2DB8487DA3791EB857B4F1447909AFE476D4EB3CCA09A780
                                                                                        Function 000002733BE61660 Relevance: 26.6, APIs: 4, Strings: 10, Instructions: 2133timeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: InformationTimeZone
                                                                                        • String ID: %d-%m-%Y, %H:%M:%S$[UTC$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                                                                        • API String ID: 565725191-1610854563
                                                                                        • Opcode ID: 642a681db4093793f1ccd725a39e58c07c82e1680a0ac04f48c002ccdd36d47c
                                                                                        • Instruction ID: 79e0eaecbbe070dd96f6e25e2ca2444f222c9359ec884eaf88d426cabcdb54b2
                                                                                        • Opcode Fuzzy Hash: 642a681db4093793f1ccd725a39e58c07c82e1680a0ac04f48c002ccdd36d47c
                                                                                        • Instruction Fuzzy Hash: 4A239D33A18BC485EB21DB29E8443DD77A1F789798F405315EA9D47BA9EB78C380D780
                                                                                        Function 000002733BE61FF0 Relevance: 22.5, APIs: 3, Strings: 9, Instructions: 1516COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Name$DevicesDisplayEnum$ComputerCurrentFileGlobalMemoryModuleProfileStatusUserValuewcsftime
                                                                                        • String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                                                                        • API String ID: 2509368203-1182675529
                                                                                        • Opcode ID: 651cfcef4566506e5ace81f37ff1620ea6e6137fc1fc0d78e1bfedf283b572e2
                                                                                        • Instruction ID: 318b94b50140a88739546b759caf97e38145e2a9d10e7df79801809e596ac22a
                                                                                        • Opcode Fuzzy Hash: 651cfcef4566506e5ace81f37ff1620ea6e6137fc1fc0d78e1bfedf283b572e2
                                                                                        • Instruction Fuzzy Hash: EFF27C32618BC485DB21DF29E8943DD77A1F789798F409316EA9D07BA9EB78C380D740
                                                                                        Function 000002733BE1B820 Relevance: 20.1, APIs: 8, Strings: 3, Instructions: 862libraryloaderCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1195 2733be1b820-2733be1b91f LoadLibraryA 1196 2733be1b925-2733be1bce0 GetProcAddress * 6 1195->1196 1197 2733be1c7e0-2733be1c7ea 1195->1197 1196->1197 1200 2733be1bce6-2733be1bce9 1196->1200 1198 2733be1c7f9-2733be1c7fc 1197->1198 1199 2733be1c7ec-2733be1c7ee 1197->1199 1202 2733be1c807-2733be1c836 call 2733be8cb70 1198->1202 1203 2733be1c7fe-2733be1c801 FreeLibrary 1198->1203 1199->1198 1200->1197 1201 2733be1bcef-2733be1bcf2 1200->1201 1201->1197 1204 2733be1bcf8-2733be1bcfb 1201->1204 1203->1202 1204->1197 1207 2733be1bd01-2733be1bd04 1204->1207 1207->1197 1209 2733be1bd0a-2733be1bd0d 1207->1209 1209->1197 1210 2733be1bd13-2733be1bd21 1209->1210 1211 2733be1bd25-2733be1bd27 1210->1211 1211->1197 1212 2733be1bd2d-2733be1bd39 1211->1212 1212->1197 1213 2733be1bd3f-2733be1bd48 1212->1213 1214 2733be1bd50-2733be1bd6b 1213->1214 1216 2733be1c7c7-2733be1c7d3 1214->1216 1217 2733be1bd71-2733be1bd8f 1214->1217 1216->1214 1218 2733be1c7d9 1216->1218 1217->1216 1220 2733be1bd95-2733be1bda7 1217->1220 1218->1197 1221 2733be1c7b3-2733be1c7c2 1220->1221 1222 2733be1bdad 1220->1222 1221->1216 1223 2733be1bdb2-2733be1be03 call 2733be8cb98 1222->1223 1228 2733be1be09-2733be1be10 1223->1228 1229 2733be1c082 1223->1229 1228->1229 1230 2733be1be16-2733be1bf0f call 2733be51bf0 call 2733be222d0 call 2733be225a0 1228->1230 1231 2733be1c084-2733be1c08b 1229->1231 1257 2733be1bf10-2733be1bf18 1230->1257 1233 2733be1c301-2733be1c33d 1231->1233 1234 2733be1c091-2733be1c098 1231->1234 1242 2733be1c343-2733be1c351 1233->1242 1243 2733be1c5d7-2733be1c5d9 1233->1243 1234->1233 1236 2733be1c09e-2733be1c18b call 2733be51bf0 call 2733be222d0 call 2733be225a0 1234->1236 1267 2733be1c192-2733be1c19a 1236->1267 1248 2733be1c357-2733be1c35e 1242->1248 1249 2733be1c5d0-2733be1c5d3 1242->1249 1244 2733be1c785-2733be1c79b call 2733be1e3a0 1243->1244 1245 2733be1c5df-2733be1c708 call 2733be25330 call 2733be1eda0 call 2733be25330 call 2733be1eda0 call 2733be20fb0 call 2733be8cb98 call 2733be39100 1243->1245 1264 2733be1c7a1-2733be1c7ac 1244->1264 1265 2733be1bdb0 1244->1265 1342 2733be1c714-2733be1c727 call 2733be20840 1245->1342 1343 2733be1c70a-2733be1c70c 1245->1343 1248->1249 1255 2733be1c364-2733be1c458 call 2733be51bf0 call 2733be222d0 call 2733be225a0 1248->1255 1249->1243 1254 2733be1c5d5 1249->1254 1254->1243 1285 2733be1c460-2733be1c467 1255->1285 1257->1257 1263 2733be1bf1a-2733be1bf74 call 2733be25330 call 2733be23990 call 2733be20fb0 1257->1263 1291 2733be1bf76-2733be1bf87 1263->1291 1292 2733be1bfa7-2733be1bfd1 1263->1292 1264->1221 1265->1223 1267->1267 1272 2733be1c19c-2733be1c1f5 call 2733be25330 call 2733be23990 call 2733be20fb0 1267->1272 1307 2733be1c1f7-2733be1c208 1272->1307 1308 2733be1c228-2733be1c252 1272->1308 1285->1285 1289 2733be1c469-2733be1c4c2 call 2733be25330 call 2733be23990 call 2733be20fb0 1285->1289 1357 2733be1c4f5-2733be1c51e 1289->1357 1358 2733be1c4c4-2733be1c4d5 1289->1358 1296 2733be1bf89-2733be1bf9c 1291->1296 1297 2733be1bfa2 call 2733be8cb90 1291->1297 1300 2733be1bfd3-2733be1bfe7 1292->1300 1301 2733be1c009-2733be1c02f 1292->1301 1296->1297 1305 2733be1c891-2733be1c896 call 2733be6fc0c 1296->1305 1297->1292 1310 2733be1bfe9-2733be1bffc 1300->1310 1311 2733be1c002-2733be1c007 call 2733be8cb90 1300->1311 1303 2733be1c067-2733be1c080 1301->1303 1304 2733be1c031-2733be1c045 1301->1304 1303->1231 1314 2733be1c047-2733be1c05a 1304->1314 1315 2733be1c060-2733be1c065 call 2733be8cb90 1304->1315 1319 2733be1c897-2733be1c89c call 2733be6fc0c 1305->1319 1316 2733be1c223 call 2733be8cb90 1307->1316 1317 2733be1c20a-2733be1c21d 1307->1317 1320 2733be1c254-2733be1c268 1308->1320 1321 2733be1c28a-2733be1c2b0 1308->1321 1310->1311 1310->1319 1311->1301 1314->1315 1325 2733be1c89d-2733be1c8a2 call 2733be6fc0c 1314->1325 1315->1303 1316->1308 1317->1316 1330 2733be1c8a3-2733be1c8a8 call 2733be6fc0c 1317->1330 1319->1325 1333 2733be1c283-2733be1c288 call 2733be8cb90 1320->1333 1334 2733be1c26a-2733be1c27d 1320->1334 1328 2733be1c2e8-2733be1c2fa 1321->1328 1329 2733be1c2b2-2733be1c2c6 1321->1329 1325->1330 1328->1233 1346 2733be1c2c8-2733be1c2db 1329->1346 1347 2733be1c2e1-2733be1c2e6 call 2733be8cb90 1329->1347 1341 2733be1c8a9-2733be1c8ae call 2733be6fc0c 1330->1341 1333->1321 1334->1333 1334->1341 1352 2733be1c8af-2733be1c8b4 call 2733be6fc0c 1341->1352 1363 2733be1c72b-2733be1c737 1342->1363 1348 2733be1c83d-2733be1c88a call 2733be20a00 call 2733be24670 call 2733be24740 call 2733be8f198 1343->1348 1349 2733be1c712 1343->1349 1346->1347 1346->1352 1347->1328 1391 2733be1c88b-2733be1c890 call 2733be6fc0c 1348->1391 1349->1363 1378 2733be1c8b5-2733be1c8ba call 2733be6fc0c 1352->1378 1364 2733be1c554-2733be1c57a 1357->1364 1365 2733be1c520-2733be1c534 1357->1365 1360 2733be1c4d7-2733be1c4ea 1358->1360 1361 2733be1c4f0 call 2733be8cb90 1358->1361 1360->1361 1360->1378 1361->1357 1373 2733be1c739-2733be1c75c 1363->1373 1374 2733be1c75e-2733be1c768 call 2733be29d50 1363->1374 1376 2733be1c57c-2733be1c590 1364->1376 1377 2733be1c5b0-2733be1c5c9 1364->1377 1371 2733be1c536-2733be1c549 1365->1371 1372 2733be1c54f call 2733be8cb90 1365->1372 1371->1372 1380 2733be1c837-2733be1c83c call 2733be6fc0c 1371->1380 1372->1364 1382 2733be1c76d-2733be1c77e call 2733be20fb0 1373->1382 1374->1382 1385 2733be1c5ab call 2733be8cb90 1376->1385 1386 2733be1c592-2733be1c5a5 1376->1386 1377->1249 1380->1348 1382->1244 1385->1377 1386->1385 1386->1391 1391->1305
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AddressProc$Library$FreeLoad
                                                                                        • String ID: cannot use push_back() with $system$vault
                                                                                        • API String ID: 2449869053-1741236777
                                                                                        • Opcode ID: 8877454632e1459ab6d46cc5bdd39f33383bd42217b921f3bd281377c5b98e97
                                                                                        • Instruction ID: 5fe8da0deb67d0eef4f30b0558983af3dcaf9333557ed849bca87cae183ab3d7
                                                                                        • Opcode Fuzzy Hash: 8877454632e1459ab6d46cc5bdd39f33383bd42217b921f3bd281377c5b98e97
                                                                                        • Instruction Fuzzy Hash: 42923832609BC489DB70DF29E8853DD73A4F789798F204216EA9C5BB99EF74C684D340
                                                                                        Function 000002733BE56480 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 173synchronizationCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1480 2733be56480-2733be564a2 call 2733be59760 1483 2733be564a4-2733be564cd call 2733be59aa0 call 2733be64740 call 2733be1fb00 ExitProcess 1480->1483 1484 2733be564ce-2733be56580 call 2733be65970 * 2 call 2733be61ff0 call 2733be56eb0 1480->1484 1483->1484 1499 2733be565b4-2733be565eb OpenMutexA 1484->1499 1500 2733be56582-2733be56594 1484->1500 1503 2733be565f9-2733be56630 CreateMutexA call 2733be509f0 call 2733be59be0 1499->1503 1504 2733be565ed-2733be565f8 ExitProcess 1499->1504 1501 2733be56596-2733be565a9 1500->1501 1502 2733be565af call 2733be8cb90 1500->1502 1501->1502 1505 2733be56746-2733be5674b call 2733be6fc0c 1501->1505 1502->1499 1515 2733be56632-2733be5663d ExitProcess 1503->1515 1516 2733be5663e-2733be566a1 call 2733be622f0 call 2733be1b820 call 2733be1c8c0 call 2733be1cf60 call 2733be1dc90 call 2733be1acc0 call 2733be40d70 call 2733be43a60 call 2733be11100 call 2733be19090 call 2733be17940 call 2733be570e0 call 2733be1a1f0 call 2733be15a90 call 2733be12e30 call 2733be15d60 call 2733be5e9f0 1503->1516 1504->1503 1512 2733be5674c-2733be56751 call 2733be6fc0c 1505->1512 1515->1516 1553 2733be566a6-2733be566b6 call 2733be55a80 1516->1553 1557 2733be566b8-2733be566c4 ReleaseMutex call 2733beb2138 1553->1557 1558 2733be566ca-2733be566d1 1553->1558 1557->1558 1560 2733be566d9-2733be566e5 1558->1560 1561 2733be566d3-2733be566d8 call 2733be56760 1558->1561 1563 2733be566e7-2733be566f9 1560->1563 1564 2733be56715-2733be56745 call 2733be8cb70 1560->1564 1561->1560 1566 2733be56710 call 2733be8cb90 1563->1566 1567 2733be566fb-2733be5670e 1563->1567 1566->1564 1567->1512 1567->1566
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Process$Exit$MutexOpenToken$CreateCurrentFileInformationInitializeModuleName
                                                                                        • String ID: SeDebugPrivilege$SeImpersonatePrivilege
                                                                                        • API String ID: 470559343-3768118664
                                                                                        • Opcode ID: 934d3a2081db48a5f146861ee3081173b62aac492e54dfc993cfb13fb8228311
                                                                                        • Instruction ID: 68bd15c65a15b92e3d066de7cb41401afecd581d5080d81dbd9627e6f041ec0b
                                                                                        • Opcode Fuzzy Hash: 934d3a2081db48a5f146861ee3081173b62aac492e54dfc993cfb13fb8228311
                                                                                        • Instruction Fuzzy Hash: A861936160CA8046FA30FB6CF45D3DEA394EB85790F505796E69D426DBDF28C284E7C0
                                                                                        Function 000002733BE8114C Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335timeCOMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1571 2733be8114c-2733be81187 call 2733be807e8 call 2733be807f0 call 2733be80858 1578 2733be8118d-2733be81198 call 2733be807f8 1571->1578 1579 2733be813b1-2733be813fd call 2733be6fc3c call 2733be807e8 call 2733be807f0 call 2733be80858 1571->1579 1578->1579 1584 2733be8119e-2733be811a8 1578->1584 1604 2733be8153b-2733be815a9 call 2733be6fc3c call 2733be89d94 1579->1604 1605 2733be81403-2733be8140e call 2733be807f8 1579->1605 1586 2733be811ca-2733be811ce 1584->1586 1587 2733be811aa-2733be811ad 1584->1587 1590 2733be811d1-2733be811d9 1586->1590 1589 2733be811b0-2733be811bb 1587->1589 1592 2733be811bd-2733be811c4 1589->1592 1593 2733be811c6-2733be811c8 1589->1593 1590->1590 1594 2733be811db-2733be811ee call 2733be7dedc 1590->1594 1592->1589 1592->1593 1593->1586 1596 2733be811f7-2733be81205 1593->1596 1602 2733be811f0-2733be811f2 call 2733be7b550 1594->1602 1603 2733be81206-2733be81212 call 2733be7b550 1594->1603 1602->1596 1611 2733be81219-2733be81221 1603->1611 1625 2733be815ab-2733be815b2 1604->1625 1626 2733be815b7-2733be815ba 1604->1626 1605->1604 1615 2733be81414-2733be8141f call 2733be80828 1605->1615 1611->1611 1614 2733be81223-2733be81234 call 2733be862e8 1611->1614 1614->1579 1623 2733be8123a-2733be81290 call 2733be9f960 * 4 call 2733be81068 1614->1623 1615->1604 1624 2733be81425-2733be81448 call 2733be7b550 GetTimeZoneInformation 1615->1624 1683 2733be81292-2733be81296 1623->1683 1640 2733be8144e-2733be8146f 1624->1640 1641 2733be81510-2733be8153a call 2733be807e0 call 2733be807d0 call 2733be807d8 1624->1641 1631 2733be81647-2733be8164a 1625->1631 1629 2733be815bc 1626->1629 1630 2733be815f1-2733be81604 call 2733be7dedc 1626->1630 1633 2733be815bf 1629->1633 1644 2733be8160f-2733be8162a call 2733be89d94 1630->1644 1645 2733be81606 1630->1645 1631->1633 1634 2733be81650-2733be81658 call 2733be8114c 1631->1634 1642 2733be815c4-2733be815f0 call 2733be7b550 call 2733be8cb70 1633->1642 1643 2733be815bf call 2733be813c8 1633->1643 1634->1642 1648 2733be81471-2733be81477 1640->1648 1649 2733be8147a-2733be81481 1640->1649 1643->1642 1669 2733be8162c-2733be8162f 1644->1669 1670 2733be81631-2733be81643 call 2733be7b550 1644->1670 1652 2733be81608-2733be8160d call 2733be7b550 1645->1652 1648->1649 1655 2733be81483-2733be8148b 1649->1655 1656 2733be81495 1649->1656 1652->1629 1655->1656 1664 2733be8148d-2733be81493 1655->1664 1663 2733be81497-2733be8150b call 2733be9f960 * 4 call 2733be84cb4 call 2733be81660 * 2 1656->1663 1663->1641 1664->1663 1669->1652 1670->1631 1685 2733be8129c-2733be812a0 1683->1685 1686 2733be81298 1683->1686 1685->1683 1688 2733be812a2-2733be812c7 call 2733be73f10 1685->1688 1686->1685 1694 2733be812ca-2733be812ce 1688->1694 1696 2733be812dd-2733be812e1 1694->1696 1697 2733be812d0-2733be812db 1694->1697 1696->1694 1697->1696 1699 2733be812e3-2733be812e7 1697->1699 1701 2733be81368-2733be8136c 1699->1701 1702 2733be812e9-2733be81311 call 2733be73f10 1699->1702 1704 2733be8136e-2733be81370 1701->1704 1705 2733be81373-2733be81380 1701->1705 1711 2733be8132f-2733be81333 1702->1711 1712 2733be81313 1702->1712 1704->1705 1707 2733be8139b-2733be813aa call 2733be807e0 call 2733be807d0 1705->1707 1708 2733be81382-2733be81398 call 2733be81068 1705->1708 1707->1579 1708->1707 1711->1701 1714 2733be81335-2733be81353 call 2733be73f10 1711->1714 1716 2733be81316-2733be8131d 1712->1716 1723 2733be8135f-2733be81366 1714->1723 1716->1711 1720 2733be8131f-2733be8132d 1716->1720 1720->1711 1720->1716 1723->1701 1724 2733be81355-2733be81359 1723->1724 1724->1701 1725 2733be8135b 1724->1725 1725->1723
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                        • API String ID: 355007559-239921721
                                                                                        • Opcode ID: 7c59d7ccbe5d7300b5b7a10bdfa8df02b94e7a90d3a9da5a0b2f52bbfcd600ed
                                                                                        • Instruction ID: efda3fcbb40510c6a69e7d331359af0a62b386bf4b5af141a669d2e702a724f5
                                                                                        • Opcode Fuzzy Hash: 7c59d7ccbe5d7300b5b7a10bdfa8df02b94e7a90d3a9da5a0b2f52bbfcd600ed
                                                                                        • Instruction Fuzzy Hash: 01D1F62A708A4086E730FF29F8593E977A1F748F85F444265EE4D87A96DB38C641E7C0
                                                                                        Function 000002733BE5F200 Relevance: 13.9, APIs: 9, Instructions: 408networkfileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1726 2733be5f200-2733be5f39e 1727 2733be5f3a0-2733be5f3a7 1726->1727 1727->1727 1728 2733be5f3a9-2733be5f3dc call 2733be25330 InternetOpenA 1727->1728 1731 2733be5f475-2733be5f48c 1728->1731 1732 2733be5f3e2-2733be5f3f8 1728->1732 1733 2733be5f491-2733be5f4b8 InternetOpenUrlA 1731->1733 1734 2733be5f48e 1731->1734 1735 2733be5f400-2733be5f408 1732->1735 1736 2733be5f4e9-2733be5f514 HttpQueryInfoW 1733->1736 1737 2733be5f4ba-2733be5f4e4 1733->1737 1734->1733 1738 2733be5f40a-2733be5f41b 1735->1738 1739 2733be5f43b-2733be5f474 call 2733be8cb70 1735->1739 1740 2733be5f516-2733be5f54a 1736->1740 1741 2733be5f54f-2733be5f5aa HttpQueryInfoW 1736->1741 1737->1735 1742 2733be5f436 call 2733be8cb90 1738->1742 1743 2733be5f41d-2733be5f430 1738->1743 1740->1741 1749 2733be5f5d8-2733be5f5ee InternetQueryDataAvailable 1741->1749 1750 2733be5f5ac-2733be5f5c2 call 2733be73f10 1741->1750 1742->1739 1743->1742 1747 2733be5f875-2733be5f87a call 2733be6fc0c 1743->1747 1760 2733be5f87b-2733be5f880 call 2733be0b7b0 1747->1760 1753 2733be5f7d3-2733be5f826 InternetCloseHandle 1749->1753 1754 2733be5f5f4-2733be5f5f9 1749->1754 1750->1749 1759 2733be5f5c4-2733be5f5d3 call 2733be251e0 1750->1759 1763 2733be5f82f-2733be5f838 1753->1763 1758 2733be5f600-2733be5f606 1754->1758 1758->1753 1761 2733be5f60c-2733be5f626 1758->1761 1759->1749 1766 2733be5f699-2733be5f6b1 InternetReadFile 1761->1766 1767 2733be5f628-2733be5f62e 1761->1767 1763->1739 1768 2733be5f83e-2733be5f84f 1763->1768 1771 2733be5f6b7-2733be5f6bc 1766->1771 1772 2733be5f78d-2733be5f794 1766->1772 1774 2733be5f630-2733be5f637 1767->1774 1775 2733be5f65c-2733be5f65f call 2733be8cb98 1767->1775 1768->1742 1769 2733be5f855-2733be5f868 1768->1769 1769->1747 1777 2733be5f86a 1769->1777 1771->1772 1778 2733be5f6c2-2733be5f6cd 1771->1778 1772->1753 1779 2733be5f796-2733be5f7a7 1772->1779 1774->1760 1780 2733be5f63d-2733be5f648 call 2733be8cb98 1774->1780 1781 2733be5f664-2733be5f694 call 2733be9f960 1775->1781 1777->1742 1782 2733be5f6ff-2733be5f719 call 2733be25cb0 1778->1782 1783 2733be5f6cf-2733be5f6fd call 2733be9f2c0 1778->1783 1784 2733be5f7a9-2733be5f7bc 1779->1784 1785 2733be5f7c2-2733be5f7cf call 2733be8cb90 1779->1785 1789 2733be5f86f-2733be5f874 call 2733be6fc0c 1780->1789 1798 2733be5f64e-2733be5f65a 1780->1798 1781->1766 1800 2733be5f71a-2733be5f721 1782->1800 1783->1800 1784->1785 1784->1789 1785->1753 1789->1747 1798->1781 1801 2733be5f723-2733be5f734 1800->1801 1802 2733be5f764 1800->1802 1804 2733be5f736-2733be5f749 1801->1804 1805 2733be5f74f-2733be5f762 call 2733be8cb90 1801->1805 1803 2733be5f766-2733be5f77c InternetQueryDataAvailable 1802->1803 1803->1753 1807 2733be5f77e-2733be5f788 1803->1807 1804->1789 1804->1805 1805->1803 1807->1758
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskFileHandleRead
                                                                                        • String ID:
                                                                                        • API String ID: 1475545111-0
                                                                                        • Opcode ID: bb750a931f0c3528aa084ba8e17e664c1c9461fed7d521bc4a8be10c0a63c358
                                                                                        • Instruction ID: 4a781b72f07aa6d27c91c5fefaeaacca6efe6b997bb269ae0652dc90a3c9f1e0
                                                                                        • Opcode Fuzzy Hash: bb750a931f0c3528aa084ba8e17e664c1c9461fed7d521bc4a8be10c0a63c358
                                                                                        • Instruction Fuzzy Hash: 99028032A18B9485EB10DB69F84439E77B5F795798F204316EE9C57BA8DF38C180D780
                                                                                        Function 000002733BE9E968 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1809 2733be9e968-2733be9e9db call 2733be9e54c 1812 2733be9e9dd-2733be9e9e6 call 2733be740ac 1809->1812 1813 2733be9e9f5-2733be9e9ff call 2733be8397c 1809->1813 1818 2733be9e9e9-2733be9e9f0 call 2733be740cc 1812->1818 1819 2733be9ea01-2733be9ea18 call 2733be740ac call 2733be740cc 1813->1819 1820 2733be9ea1a-2733be9ea83 CreateFileW 1813->1820 1836 2733be9ed36-2733be9ed56 1818->1836 1819->1818 1821 2733be9eb00-2733be9eb0b GetFileType 1820->1821 1822 2733be9ea85-2733be9ea8b 1820->1822 1828 2733be9eb0d-2733be9eb48 call 2733beb2160 call 2733be74040 call 2733beb2138 1821->1828 1829 2733be9eb5e-2733be9eb65 1821->1829 1825 2733be9eacd-2733be9eafb call 2733beb2160 call 2733be74040 1822->1825 1826 2733be9ea8d-2733be9ea91 1822->1826 1825->1818 1826->1825 1832 2733be9ea93-2733be9eacb CreateFileW 1826->1832 1828->1818 1855 2733be9eb4e-2733be9eb59 call 2733be740cc 1828->1855 1834 2733be9eb6d-2733be9eb70 1829->1834 1835 2733be9eb67-2733be9eb6b 1829->1835 1832->1821 1832->1825 1840 2733be9eb76-2733be9ebcb call 2733be83894 1834->1840 1841 2733be9eb72 1834->1841 1835->1840 1850 2733be9ebcd-2733be9ebd9 call 2733be9e754 1840->1850 1851 2733be9ebea-2733be9ec1b call 2733be9e2cc 1840->1851 1841->1840 1850->1851 1858 2733be9ebdb 1850->1858 1860 2733be9ec1d-2733be9ec1f 1851->1860 1861 2733be9ec21-2733be9ec63 1851->1861 1855->1818 1862 2733be9ebdd-2733be9ebe5 call 2733be7b6c8 1858->1862 1860->1862 1864 2733be9ec85-2733be9ec90 1861->1864 1865 2733be9ec65-2733be9ec69 1861->1865 1862->1836 1868 2733be9ec96-2733be9ec9a 1864->1868 1869 2733be9ed34 1864->1869 1865->1864 1867 2733be9ec6b-2733be9ec80 1865->1867 1867->1864 1868->1869 1871 2733be9eca0-2733be9ece5 call 2733beb2138 CreateFileW 1868->1871 1869->1836 1874 2733be9ed1a-2733be9ed2f 1871->1874 1875 2733be9ece7-2733be9ed15 call 2733beb2160 call 2733be74040 call 2733be83abc 1871->1875 1874->1869 1875->1874
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                        • String ID:
                                                                                        • API String ID: 1617910340-0
                                                                                        • Opcode ID: 484b9744f6cc28d441a3ba22cd2a9bb849a09fc1e06d845b9773f87c4c6ec638
                                                                                        • Instruction ID: 73e1f011e778f2eb676fff9ed25528f61914f0c9ea17ee2bd07114f4bebd1a23
                                                                                        • Opcode Fuzzy Hash: 484b9744f6cc28d441a3ba22cd2a9bb849a09fc1e06d845b9773f87c4c6ec638
                                                                                        • Instruction Fuzzy Hash: 28C1DF32728A4486EB20EFA8E4957EC3761F389B98F015345DB6E97394CB38C659D380
                                                                                        Function 000002733BE58F60 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 451fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1907 2733be58f60-2733be58fe5 call 2733be0e9a0 1910 2733be58fe7-2733be58fe9 1907->1910 1911 2733be58ff1-2733be58ff4 1907->1911 1914 2733be59700-2733be59716 call 2733be0e0f0 1910->1914 1915 2733be58fef 1910->1915 1912 2733be59007-2733be59020 call 2733be9f960 1911->1912 1913 2733be58ff6-2733be59002 1911->1913 1922 2733be59025-2733be5908b call 2733be691d0 1912->1922 1923 2733be59022 1912->1923 1916 2733be5967f-2733be596ab call 2733be8cb70 1913->1916 1924 2733be59717-2733be5971c call 2733be6fc0c 1914->1924 1915->1913 1930 2733be59485-2733be594bf call 2733be34da0 call 2733be34cc0 1922->1930 1931 2733be59091-2733be59099 1922->1931 1923->1922 1932 2733be5971d-2733be59751 call 2733be0ba80 call 2733be0cc70 call 2733be8f198 1924->1932 1947 2733be594c1-2733be594d2 call 2733be251e0 1930->1947 1948 2733be594de-2733be59548 call 2733be34da0 call 2733be676a0 1930->1948 1934 2733be5909b 1931->1934 1935 2733be5909e call 2733be63b30 1931->1935 1934->1935 1942 2733be590a3-2733be590c1 call 2733be63cf0 1935->1942 1950 2733be590c7-2733be590dd 1942->1950 1951 2733be5919c-2733be591b6 GetFileSize 1942->1951 1959 2733be594d7 1947->1959 1968 2733be5954d-2733be5956c 1948->1968 1955 2733be59113-2733be59197 call 2733be319c0 1950->1955 1956 2733be590df-2733be590f3 1950->1956 1957 2733be591b8-2733be591db 1951->1957 1958 2733be591dd-2733be591f3 1951->1958 1976 2733be5966b-2733be5967a call 2733be9ac3c 1955->1976 1962 2733be590f5-2733be59108 1956->1962 1963 2733be5910e call 2733be8cb90 1956->1963 1965 2733be59242-2733be5928b SetFilePointer ReadFile 1957->1965 1966 2733be59225-2733be5923d call 2733be25b00 1958->1966 1967 2733be591f5-2733be59223 call 2733be9f960 1958->1967 1959->1948 1962->1924 1962->1963 1963->1955 1969 2733be593a2-2733be593c6 1965->1969 1970 2733be59291-2733be592e3 1965->1970 1966->1965 1967->1965 1968->1932 1975 2733be59572-2733be5957e call 2733be32080 1968->1975 1985 2733be593c8-2733be593dc 1969->1985 1986 2733be593fc-2733be59480 call 2733be319c0 1969->1986 1983 2733be59319-2733be5939d call 2733be319c0 1970->1983 1984 2733be592e5-2733be592f9 1970->1984 1988 2733be59580-2733be595a7 1975->1988 1989 2733be595ad-2733be59667 call 2733be319c0 1975->1989 1976->1916 1983->1976 1990 2733be59314 call 2733be8cb90 1984->1990 1991 2733be592fb-2733be5930e 1984->1991 1993 2733be593f7 call 2733be8cb90 1985->1993 1994 2733be593de-2733be593f1 1985->1994 1986->1976 1988->1989 1997 2733be596ac-2733be596af 1988->1997 1989->1976 1990->1983 1991->1924 1991->1990 1993->1986 1994->1924 1994->1993 2002 2733be596ba-2733be596cb 1997->2002 2003 2733be596b1-2733be596b8 1997->2003 2004 2733be596cf-2733be596ff call 2733be0ba80 call 2733be0cc70 call 2733be8f198 2002->2004 2003->2004 2004->1914
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: File$PointerReadSize
                                                                                        • String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                        • API String ID: 404940565-15404121
                                                                                        • Opcode ID: 57c087d1bcc7dd28c00b8731d35cf4ee4eae3dcd7d8679c2c37a17ed44cae6af
                                                                                        • Instruction ID: 0b8e3050db49ffb3d2817fd5c1289e80e6dc210d7ab9ff12ef526c1f39e103b3
                                                                                        • Opcode Fuzzy Hash: 57c087d1bcc7dd28c00b8731d35cf4ee4eae3dcd7d8679c2c37a17ed44cae6af
                                                                                        • Instruction Fuzzy Hash: 08323636618BC489EB20DF38E8843DD37A1F785B88F548356DA8D4BB99EB74C644D780
                                                                                        Function 000002733BE813C8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 2129 2733be813c8-2733be813fd call 2733be807e8 call 2733be807f0 call 2733be80858 2136 2733be8153b-2733be815a9 call 2733be6fc3c call 2733be89d94 2129->2136 2137 2733be81403-2733be8140e call 2733be807f8 2129->2137 2149 2733be815ab-2733be815b2 2136->2149 2150 2733be815b7-2733be815ba 2136->2150 2137->2136 2142 2733be81414-2733be8141f call 2733be80828 2137->2142 2142->2136 2148 2733be81425-2733be81448 call 2733be7b550 GetTimeZoneInformation 2142->2148 2161 2733be8144e-2733be8146f 2148->2161 2162 2733be81510-2733be8153a call 2733be807e0 call 2733be807d0 call 2733be807d8 2148->2162 2154 2733be81647-2733be8164a 2149->2154 2152 2733be815bc 2150->2152 2153 2733be815f1-2733be81604 call 2733be7dedc 2150->2153 2156 2733be815bf 2152->2156 2165 2733be8160f-2733be8162a call 2733be89d94 2153->2165 2166 2733be81606 2153->2166 2154->2156 2157 2733be81650-2733be81658 call 2733be8114c 2154->2157 2163 2733be815c4-2733be815f0 call 2733be7b550 call 2733be8cb70 2156->2163 2164 2733be815bf call 2733be813c8 2156->2164 2157->2163 2168 2733be81471-2733be81477 2161->2168 2169 2733be8147a-2733be81481 2161->2169 2164->2163 2187 2733be8162c-2733be8162f 2165->2187 2188 2733be81631-2733be81643 call 2733be7b550 2165->2188 2172 2733be81608-2733be8160d call 2733be7b550 2166->2172 2168->2169 2174 2733be81483-2733be8148b 2169->2174 2175 2733be81495 2169->2175 2172->2152 2174->2175 2182 2733be8148d-2733be81493 2174->2182 2181 2733be81497-2733be8150b call 2733be9f960 * 4 call 2733be84cb4 call 2733be81660 * 2 2175->2181 2181->2162 2182->2181 2187->2172 2188->2154
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                        • API String ID: 3458911817-239921721
                                                                                        • Opcode ID: 94df1ec9e2384a72c79be9da220bb4aa566035efaa8ab6aaac74d351b0b15fee
                                                                                        • Instruction ID: 52b211416bf5efc0b73846b232514bc514d700a17ecc149eeb21cf032dd334c6
                                                                                        • Opcode Fuzzy Hash: 94df1ec9e2384a72c79be9da220bb4aa566035efaa8ab6aaac74d351b0b15fee
                                                                                        • Instruction Fuzzy Hash: 1651D336708A4096E730FF29F8987D97760F748B85F445766EA4D83B96DB38C640A7C0
                                                                                        Function 000002733BE7749C Relevance: 9.2, APIs: 6, Instructions: 227COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 2206 2733be7749c-2733be774b0 2207 2733be774b2-2733be774be call 2733be740cc call 2733be6fbec 2206->2207 2208 2733be774cd-2733be774e4 2206->2208 2217 2733be774c3 2207->2217 2208->2207 2210 2733be774e6-2733be774ea 2208->2210 2212 2733be774fa-2733be77507 2210->2212 2213 2733be774ec-2733be774f8 call 2733be740cc 2210->2213 2212->2213 2216 2733be77509 call 2733be816e0 2212->2216 2213->2217 2221 2733be7750e-2733be77525 call 2733be807f8 2216->2221 2220 2733be774c5-2733be774cc 2217->2220 2224 2733be77783-2733be7779b call 2733be6fc3c 2221->2224 2225 2733be7752b-2733be77536 call 2733be80828 2221->2225 2225->2224 2230 2733be7753c-2733be77547 call 2733be80858 2225->2230 2230->2224 2233 2733be7754d-2733be77564 2230->2233 2234 2733be775c6-2733be775d3 call 2733be80b6c 2233->2234 2235 2733be77566-2733be7757f call 2733be80b6c 2233->2235 2234->2220 2240 2733be775d9-2733be775df 2234->2240 2235->2220 2241 2733be77585-2733be77588 2235->2241 2242 2733be775e1-2733be775eb call 2733be81724 2240->2242 2243 2733be775fe 2240->2243 2244 2733be7758e-2733be77598 call 2733be81724 2241->2244 2245 2733be7777c-2733be7777e 2241->2245 2242->2243 2253 2733be775ed-2733be775fc 2242->2253 2247 2733be77602-2733be7762f 2243->2247 2244->2245 2256 2733be7759e-2733be775b4 call 2733be80b6c 2244->2256 2245->2220 2250 2733be7763a-2733be7767b 2247->2250 2251 2733be77631-2733be77638 2247->2251 2254 2733be77687-2733be776d2 2250->2254 2255 2733be7767d-2733be77684 2250->2255 2251->2250 2253->2247 2258 2733be776d4-2733be776db 2254->2258 2259 2733be776de-2733be776f8 2254->2259 2255->2254 2256->2220 2263 2733be775ba-2733be775c1 2256->2263 2258->2259 2261 2733be776fa-2733be77723 2259->2261 2262 2733be77725 2259->2262 2261->2245 2262->2245 2264 2733be77727-2733be7775c 2262->2264 2263->2245 2265 2733be77779 2264->2265 2266 2733be7775e-2733be77777 2264->2266 2265->2245 2266->2245
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 1405656091-0
                                                                                        • Opcode ID: 842d06e59cb7d0c874962108e89d6781c57040cb1ba9c53ec58eb2fa30030a5a
                                                                                        • Instruction ID: 340d8d75c3aa0bfd796585f7db9018ff2c4df5edf9ae4ee77ef327e4c544b5bf
                                                                                        • Opcode Fuzzy Hash: 842d06e59cb7d0c874962108e89d6781c57040cb1ba9c53ec58eb2fa30030a5a
                                                                                        • Instruction Fuzzy Hash: 9F81FDB27047454BDB68DF3CD9063EC37A5E754789F049225EA0D8B789EB38D641D780
                                                                                        Function 000002733BE68B70 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 410COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 2267 2733be68b70-2733be68bb5 2268 2733be68e81-2733be68ebb call 2733be6c4d0 call 2733be69610 2267->2268 2269 2733be68bbb-2733be68be5 call 2733be9f960 2267->2269 2277 2733be68ec0-2733be68ec6 2268->2277 2275 2733be68be7-2733be68bf0 2269->2275 2276 2733be68bf4-2733be68c2d call 2733be44f50 call 2733be6b600 call 2733be69610 2269->2276 2275->2276 2305 2733be68c33-2733be68cb8 call 2733be25330 call 2733be450b0 call 2733be48950 call 2733be45630 2276->2305 2306 2733be68dc4-2733be68dcb 2276->2306 2279 2733be69057-2733be6905b 2277->2279 2280 2733be68ecc-2733be68f4b call 2733be25330 call 2733be450b0 call 2733be48950 call 2733be45630 2277->2280 2284 2733be69129-2733be69130 2279->2284 2285 2733be69061-2733be690be call 2733be20840 call 2733be20fb0 2279->2285 2334 2733be68f51-2733be68f59 2280->2334 2335 2733be6919b-2733be691b7 call 2733be44110 call 2733be8f198 2280->2335 2287 2733be69132-2733be69147 2284->2287 2288 2733be690fd-2733be69128 call 2733be8cb70 2284->2288 2285->2288 2314 2733be690c0-2733be690d5 2285->2314 2292 2733be69149-2733be6915c 2287->2292 2293 2733be690ec-2733be690f8 call 2733be8cb90 2287->2293 2298 2733be69166-2733be6916b call 2733be6fc0c 2292->2298 2299 2733be6915e 2292->2299 2293->2288 2322 2733be6916c-2733be69188 call 2733be44110 call 2733be8f198 2298->2322 2299->2293 2305->2322 2363 2733be68cbe-2733be68cc6 2305->2363 2311 2733be68e15-2733be68e18 2306->2311 2312 2733be68dcd-2733be68e13 call 2733be20840 2306->2312 2318 2733be68e1a-2733be68e5b call 2733be20840 2311->2318 2319 2733be68e70-2733be68e7c call 2733be44d70 2311->2319 2330 2733be68e60-2733be68e6f call 2733be20fb0 2312->2330 2314->2293 2321 2733be690d7-2733be690ea 2314->2321 2318->2330 2319->2288 2321->2293 2321->2298 2355 2733be69189-2733be6918e call 2733be6fc0c 2322->2355 2330->2319 2341 2733be68f5b-2733be68f6c 2334->2341 2342 2733be68f8c-2733be68fd1 call 2733be8eae0 * 2 2334->2342 2350 2733be691b8-2733be691bd call 2733be6fc0c 2335->2350 2348 2733be68f87 call 2733be8cb90 2341->2348 2349 2733be68f6e-2733be68f81 2341->2349 2366 2733be69005-2733be69018 2342->2366 2367 2733be68fd3-2733be68fe5 2342->2367 2348->2342 2349->2348 2349->2350 2370 2733be691be-2733be691c3 call 2733be6fc0c 2350->2370 2365 2733be6918f-2733be69194 call 2733be6fc0c 2355->2365 2368 2733be68cfa-2733be68d40 call 2733be8eae0 * 2 2363->2368 2369 2733be68cc8-2733be68cda 2363->2369 2387 2733be69195-2733be6919a call 2733be6fc0c 2365->2387 2376 2733be6901a-2733be6902c 2366->2376 2377 2733be6904c-2733be69052 2366->2377 2374 2733be68fe7-2733be68ffa 2367->2374 2375 2733be69000 call 2733be8cb90 2367->2375 2396 2733be68d73-2733be68d85 2368->2396 2397 2733be68d42-2733be68d53 2368->2397 2378 2733be68cf5 call 2733be8cb90 2369->2378 2379 2733be68cdc-2733be68cef 2369->2379 2374->2370 2374->2375 2375->2366 2385 2733be69047 call 2733be8cb90 2376->2385 2386 2733be6902e-2733be69041 2376->2386 2377->2279 2378->2368 2379->2355 2379->2378 2385->2377 2386->2385 2389 2733be69160-2733be69165 call 2733be6fc0c 2386->2389 2387->2335 2389->2298 2400 2733be68db9-2733be68dbf 2396->2400 2401 2733be68d87-2733be68d99 2396->2401 2398 2733be68d55-2733be68d68 2397->2398 2399 2733be68d6e call 2733be8cb90 2397->2399 2398->2365 2398->2399 2399->2396 2400->2306 2403 2733be68db4 call 2733be8cb90 2401->2403 2404 2733be68d9b-2733be68dae 2401->2404 2403->2400 2404->2387 2404->2403
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: __std_exception_destroy
                                                                                        • String ID: value
                                                                                        • API String ID: 2453523683-494360628
                                                                                        • Opcode ID: 7db0fb4280830bd968022b08d4860836b32ff7c776b1dea3ea839d99690749e7
                                                                                        • Instruction ID: 6def9a082d0a1a19ab73f7a39e6f1b8bb40412570e6751f163aabe0d7a26a668
                                                                                        • Opcode Fuzzy Hash: 7db0fb4280830bd968022b08d4860836b32ff7c776b1dea3ea839d99690749e7
                                                                                        • Instruction Fuzzy Hash: 6202B723A18BC085EB20EB78E4883DD6761E7857A4F505342FA9D47BDADF78C685D380
                                                                                        Function 000002733BE1C8C0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328processCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                        • String ID: [PID:
                                                                                        • API String ID: 420147892-2210602247
                                                                                        • Opcode ID: fa9b7cce1dff8c802d6dd4d3c9cf34b89bf5d1bdb666e1801b15b029693efdfa
                                                                                        • Instruction ID: d221de706d7d6391f7f2ee04d63eca5ccebc85cf9fcfe4db42433ce4c362fc06
                                                                                        • Opcode Fuzzy Hash: fa9b7cce1dff8c802d6dd4d3c9cf34b89bf5d1bdb666e1801b15b029693efdfa
                                                                                        • Instruction Fuzzy Hash: C5E19072618BC085EB30EB29E8843DD77A5F7897A4F504315EA9D4BB99DF38C284D780
                                                                                        Function 000002733BE65970 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                                        • String ID:
                                                                                        • API String ID: 3038321057-0
                                                                                        • Opcode ID: 29a02e95aae9899e0029659e102052f54fff5397b51cb33b914b83ea41570e5f
                                                                                        • Instruction ID: 7d69b0b96070249fe0c3c79d4fde7112af455e20817e79d96fdba538e456912c
                                                                                        • Opcode Fuzzy Hash: 29a02e95aae9899e0029659e102052f54fff5397b51cb33b914b83ea41570e5f
                                                                                        • Instruction Fuzzy Hash: AA21A23221CB8086E720DF55F44839BB7A0FB88B80F558226EA8D47B58DF7CC644DB80
                                                                                        Function 000002733BE41340 Relevance: 6.8, Strings: 5, Instructions: 599COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$prefs.js$status
                                                                                        • API String ID: 0-2713369562
                                                                                        • Opcode ID: 71dba8fe4d069a4c72edf69e3e28f617b4c9908de53c25944bf430d96a657617
                                                                                        • Instruction ID: 048e5c87a14a3a2b3732f5c994777737da07ebcf92988fe9a86bc185d000032e
                                                                                        • Opcode Fuzzy Hash: 71dba8fe4d069a4c72edf69e3e28f617b4c9908de53c25944bf430d96a657617
                                                                                        • Instruction Fuzzy Hash: D6521632609FC484E6B1EB19F8853DAB3A4F7C9784F505265DACC42B59EF78C294DB80
                                                                                        Function 000002733BE1ACC0 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 671COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Cred$EnumerateFree
                                                                                        • String ID: cannot use push_back() with
                                                                                        • API String ID: 3403564193-4122110429
                                                                                        • Opcode ID: 12ca8fc5de2e866e5bab1b12bd58c09a8c2b6936a8841043e04f785ce2c2cce2
                                                                                        • Instruction ID: c1a96987c54fa499983aa5d2e5ba790190946cfd6f90179a27f79da190fba33f
                                                                                        • Opcode Fuzzy Hash: 12ca8fc5de2e866e5bab1b12bd58c09a8c2b6936a8841043e04f785ce2c2cce2
                                                                                        • Instruction Fuzzy Hash: 69627D32608BC489EB30DF29E8843DD77A1F789798F505355EAAD17B99DB38C284D780
                                                                                        Function 000002733BE6C55A Relevance: 5.6, Strings: 4, Instructions: 566COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: array$object$object key$object separator
                                                                                        • API String ID: 0-2277530871
                                                                                        • Opcode ID: 72950a1bde4fdda7b4d36e74d2cebb25999317ca60ff6dc3ef4ca15f3533fbf5
                                                                                        • Instruction ID: 8fe5c05f9f64ab5318cb3aabdf1c6ce778bd2b40d731fecd94bc2d9c133aad1e
                                                                                        • Opcode Fuzzy Hash: 72950a1bde4fdda7b4d36e74d2cebb25999317ca60ff6dc3ef4ca15f3533fbf5
                                                                                        • Instruction Fuzzy Hash: 4E420362618B8496EB20FF78E4493ED2361F796784F906742EA4D47A9ADF74C384D3C0
                                                                                        Function 00007FF626BE34C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryVirtual$ProtectQuery
                                                                                        • String ID: 0
                                                                                        • API String ID: 1355999870-4108050209
                                                                                        • Opcode ID: 89413ede3b1e85be20c8f272e65a27b8bfe40e2a2e38e4141ba162e5d23f76ce
                                                                                        • Instruction ID: f46d81ac9bdf45efb62c641f9c58757a733a6bf7d002356f841284415339b0b8
                                                                                        • Opcode Fuzzy Hash: 89413ede3b1e85be20c8f272e65a27b8bfe40e2a2e38e4141ba162e5d23f76ce
                                                                                        • Instruction Fuzzy Hash: 77213E36618B8586EB50CB15F85435A73A1FB887A4F900335EBAD83BA8DF7ED144CB01
                                                                                        Function 000002733BE51EA0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CryptDataFreeLocalUnprotect
                                                                                        • String ID:
                                                                                        • API String ID: 1561624719-0
                                                                                        • Opcode ID: 534917215b691bdf8008ca3940d01222a19eb5e5d5bf9c8332b99172fc4e0cb2
                                                                                        • Instruction ID: e230637aa263830adc85211f8f280deedf65f9df84e25a5b6fe30554710f6961
                                                                                        • Opcode Fuzzy Hash: 534917215b691bdf8008ca3940d01222a19eb5e5d5bf9c8332b99172fc4e0cb2
                                                                                        • Instruction Fuzzy Hash: 17414932718B80CAE320DF74E8443DD37A4F75978CF444269AB8C06E8ADB79C6A4D394
                                                                                        Function 000002733BE613B0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: DriveLogicalStrings
                                                                                        • String ID:
                                                                                        • API String ID: 2022863570-0
                                                                                        • Opcode ID: 05563d9c9f8d9765ab942f76f343afa8ceddb3167ad04ffcdfa04968ca2d4d44
                                                                                        • Instruction ID: a5e2b4c525e5cebcec032d4e2a13bfb8c47cd9988c117cedc74fb75b3854867a
                                                                                        • Opcode Fuzzy Hash: 05563d9c9f8d9765ab942f76f343afa8ceddb3167ad04ffcdfa04968ca2d4d44
                                                                                        • Instruction Fuzzy Hash: 84417E33A18B8082E720DF25F88439EB774F794784F145255EA8C23A69DB78D6D1EB80
                                                                                        Function 000002733BE60110 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: NameUser
                                                                                        • String ID:
                                                                                        • API String ID: 2645101109-0
                                                                                        • Opcode ID: 5706546f313706de72a237bf98d2ae5729b4666c4094d2ca0903643dc08702f3
                                                                                        • Instruction ID: d5668f3add3d6cff931e6158ae653847d4d7048daa72f377647ee0826cbf31ac
                                                                                        • Opcode Fuzzy Hash: 5706546f313706de72a237bf98d2ae5729b4666c4094d2ca0903643dc08702f3
                                                                                        • Instruction Fuzzy Hash: FF01963261C78082E770DF25F8553DAB3A4FB98788F444256EACD42659DFBCC294DB80
                                                                                        Function 000002733BE60820 Relevance: 1.5, Strings: 1, Instructions: 268COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: cores
                                                                                        • API String ID: 0-2370456839
                                                                                        • Opcode ID: 5b8c3754b5ba17353c18ca675a3acc20a40739b5da0fab98165202c1fc5fcc7d
                                                                                        • Instruction ID: 0a73a67fabdc7d08052c27dc726b7e6e4dcd5e4aa9afe08a7f7590861cce5029
                                                                                        • Opcode Fuzzy Hash: 5b8c3754b5ba17353c18ca675a3acc20a40739b5da0fab98165202c1fc5fcc7d
                                                                                        • Instruction Fuzzy Hash: CCC10563E18B808AF720DF78E4443ED7761F7997A8F105345EE9C16A9ADB78C285D380
                                                                                        Function 000002733BE670B0 Relevance: 1.5, Strings: 1, Instructions: 212COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: \u%04x
                                                                                        • API String ID: 0-2916071157
                                                                                        • Opcode ID: 06a80ac53363f504e8d291dc153b6a47b21947aca11156197ff4547b1ef6832f
                                                                                        • Instruction ID: f5722d23ec54fdff40d59a6c98e728cf64c430b507c2a3ba60a47e396e581226
                                                                                        • Opcode Fuzzy Hash: 06a80ac53363f504e8d291dc153b6a47b21947aca11156197ff4547b1ef6832f
                                                                                        • Instruction Fuzzy Hash: 6E81252231868481EA60EF29F5587EE6760F785B80F849662DF4E43B95DF38C715F380
                                                                                        Function 000002733BE6662B Relevance: 1.5, Strings: 1, Instructions: 206COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ":
                                                                                        • API String ID: 0-3662656813
                                                                                        • Opcode ID: dc23cd7c05b45f6358bc94f03c57da0058f789e31f7f5886284275ec2c8a9573
                                                                                        • Instruction ID: a3ea6ae3541ba4355a49be942f3c7d27716c033282e767d33bebaa51305b4da3
                                                                                        • Opcode Fuzzy Hash: dc23cd7c05b45f6358bc94f03c57da0058f789e31f7f5886284275ec2c8a9573
                                                                                        • Instruction Fuzzy Hash: 27911576308A8585DB20EF2AE19879D6761F788FC8F419202CF9E07B65CF39C658D781
                                                                                        Function 000002733BE222D0 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 000002733BE22359
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                                                                        • API String ID: 0-1713319389
                                                                                        • Opcode ID: 0e1e18df8e43834f8c2d261b7060e305521bf1430a60c216941d6cdd0af00934
                                                                                        • Instruction ID: 3f7e572fb493ac6864a8277cdd951a703df9b549658f4915021681934b4a2e35
                                                                                        • Opcode Fuzzy Hash: 0e1e18df8e43834f8c2d261b7060e305521bf1430a60c216941d6cdd0af00934
                                                                                        • Instruction Fuzzy Hash: F041C26361D6E049D712CB3994113BDBFB1E366B88F1C8292DBD887746D62DC306D710
                                                                                        Function 000002733BE1CF60 Relevance: .7, Instructions: 715COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5c3274f3897a4260cc07431a4745c89ee4e825440cd4388d0ffdf9914fab499b
                                                                                        • Instruction ID: fe5f0178c61640e2ac7884a7c65d9275e0104bcde04fd2426f71bd1b7dc95c1e
                                                                                        • Opcode Fuzzy Hash: 5c3274f3897a4260cc07431a4745c89ee4e825440cd4388d0ffdf9914fab499b
                                                                                        • Instruction Fuzzy Hash: 15725B72A18BC489EB20DF69E8443DDB3A1F789798F504315EADC57B99EB78C280D740
                                                                                        Function 000002733BE0F1C0 Relevance: .3, Instructions: 344COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bd5453b7988ad3d0afd5be8f12c431266e20323cc7e8afb3c7b6a1d0fa614844
                                                                                        • Instruction ID: a4c54f70508344ffa8d922b40e354c3f654157eee54b0d91ed15f9300f3650a1
                                                                                        • Opcode Fuzzy Hash: bd5453b7988ad3d0afd5be8f12c431266e20323cc7e8afb3c7b6a1d0fa614844
                                                                                        • Instruction Fuzzy Hash: 17F14E72A18F848AEB20DB69F44539D77A0F78D798F104315EEDC56B99EB38C290D780
                                                                                        Function 000002733BE0F8B0 Relevance: .3, Instructions: 336COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c80b7fb06ebb8ad4856598de8f4359555bd2c91437dc04e710ed0b72b5e4ded9
                                                                                        • Instruction ID: daae4b984663aba99f49ba2e07bcaf66c67f70d9d18a1852aab8d9314afb7d9c
                                                                                        • Opcode Fuzzy Hash: c80b7fb06ebb8ad4856598de8f4359555bd2c91437dc04e710ed0b72b5e4ded9
                                                                                        • Instruction Fuzzy Hash: 70F14E32608F848AEB20DB69F44539D77A0F78D7A8F105315EEDC57B99EB38C2919780
                                                                                        Function 000002733BE58B30 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 194windowCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 700 2733be58b30-2733be58b6b call 2733be588b0 703 2733be58bac 700->703 704 2733be58b6d-2733be58b7c EnterCriticalSection 700->704 707 2733be58bb1-2733be58bcf call 2733be8cb70 703->707 705 2733be58bd0-2733be58bea LeaveCriticalSection GdipGetImageEncodersSize 704->705 706 2733be58b7e-2733be58ba0 GdiplusStartup 704->706 705->703 710 2733be58bec-2733be58bff 705->710 706->705 708 2733be58ba2-2733be58ba6 LeaveCriticalSection 706->708 708->703 712 2733be58c01-2733be58c0a call 2733be58640 710->712 713 2733be58c3b-2733be58c49 call 2733be766e4 710->713 718 2733be58c38 712->718 719 2733be58c0c-2733be58c16 712->719 720 2733be58c50-2733be58c5a 713->720 721 2733be58c4b-2733be58c4e 713->721 718->713 722 2733be58c18 719->722 723 2733be58c22-2733be58c36 call 2733be8d830 719->723 724 2733be58c5e 720->724 721->724 722->723 726 2733be58c61-2733be58c64 723->726 724->726 728 2733be58c66-2733be58c6b 726->728 729 2733be58c70-2733be58c7e GdipGetImageEncoders 726->729 730 2733be58dde-2733be58de1 728->730 731 2733be58dc9-2733be58dce 729->731 732 2733be58c84-2733be58c8d 729->732 735 2733be58e04-2733be58e06 730->735 736 2733be58de3-2733be58de7 730->736 731->730 733 2733be58cbf 732->733 734 2733be58c8f-2733be58c9d 732->734 739 2733be58cc6-2733be58cd6 733->739 737 2733be58ca0-2733be58cab 734->737 735->707 738 2733be58df0-2733be58e02 call 2733be6efd8 736->738 740 2733be58cb8-2733be58cbd 737->740 741 2733be58cad-2733be58cb2 737->741 738->735 743 2733be58cd8-2733be58ce9 739->743 744 2733be58cef-2733be58d0b 739->744 740->733 740->737 741->740 745 2733be58d6d-2733be58d71 741->745 743->731 743->744 747 2733be58d78-2733be58db7 GdipCreateBitmapFromHBITMAP GdipSaveImageToStream 744->747 748 2733be58d0d-2733be58d66 GdipCreateBitmapFromScan0 GdipSaveImageToStream 744->748 745->739 751 2733be58db9 747->751 752 2733be58dd0-2733be58ddd GdipDisposeImage 747->752 749 2733be58d68-2733be58d6b 748->749 750 2733be58d76 748->750 753 2733be58dbc-2733be58dc3 GdipDisposeImage 749->753 750->752 751->753 752->730 753->731
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
                                                                                        • String ID: &
                                                                                        • API String ID: 1703174404-3042966939
                                                                                        • Opcode ID: e0228fc8eea7d5b1ef60bb9784c8d30ef67e4de2cf218bbc2f582390e882f76a
                                                                                        • Instruction ID: 46575172475f06efa56a28caf09ce217e6cbae9b5a6479f0901d5260055db163
                                                                                        • Opcode Fuzzy Hash: e0228fc8eea7d5b1ef60bb9784c8d30ef67e4de2cf218bbc2f582390e882f76a
                                                                                        • Instruction Fuzzy Hash: 88918F32609B449AEB30EF29F8087D837A4F754B98F458356EA4D47B94DB38C685E3C0
                                                                                        Function 000002733BE59BE0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 250networkCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1402 2733be59be0-2733be59c37 call 2733be5f890 1405 2733be59c39-2733be59c41 1402->1405 1406 2733be59c7d-2733be59d61 call 2733be324f0 call 2733be25330 call 2733be1eda0 call 2733be25330 call 2733be1eda0 call 2733be20fb0 WSAStartup 1402->1406 1408 2733be59c45-2733be59c4d 1405->1408 1419 2733be59e28 1406->1419 1439 2733be59d67-2733be59d8b socket 1406->1439 1410 2733be59c4f 1408->1410 1411 2733be59c52-2733be59c62 1408->1411 1410->1411 1413 2733be59c74-2733be59c7b 1411->1413 1414 2733be59c64-2733be59c6e call 2733be9fd00 1411->1414 1413->1406 1413->1408 1414->1413 1414->1419 1422 2733be59e2a-2733be59e32 1419->1422 1424 2733be59e34-2733be59e45 1422->1424 1425 2733be59e65-2733be59ea9 call 2733be8cb70 1422->1425 1427 2733be59e47-2733be59e5a 1424->1427 1428 2733be59e60 call 2733be8cb90 1424->1428 1427->1428 1432 2733be59fcf-2733be59fd4 call 2733be6fc0c 1427->1432 1428->1425 1438 2733be59fd5-2733be59fda call 2733be6fc0c 1432->1438 1441 2733be59e22 WSACleanup 1439->1441 1442 2733be59d91-2733be59dbe htons 1439->1442 1441->1419 1443 2733be59dc4-2733be59dd4 call 2733be67890 1442->1443 1444 2733be59ecd-2733be59efe call 2733be58e10 call 2733be1fb70 1442->1444 1450 2733be59dd9-2733be59e06 inet_pton connect 1443->1450 1451 2733be59dd6 1443->1451 1458 2733be59f36-2733be59f53 call 2733be58e10 1444->1458 1459 2733be59f00-2733be59f16 1444->1459 1453 2733be59eaa-2733be59eb4 1450->1453 1454 2733be59e0c-2733be59e13 1450->1454 1451->1450 1453->1444 1456 2733be59eb6-2733be59ebf 1453->1456 1454->1443 1457 2733be59e15-2733be59e1c closesocket 1454->1457 1461 2733be59ec4-2733be59ecc call 2733be215c0 1456->1461 1462 2733be59ec1 1456->1462 1457->1441 1465 2733be59f58-2733be59f7c call 2733be1fb70 1458->1465 1463 2733be59f18-2733be59f2b 1459->1463 1464 2733be59f31 call 2733be8cb90 1459->1464 1461->1444 1462->1461 1463->1438 1463->1464 1464->1458 1471 2733be59fb8-2733be59fc4 1465->1471 1472 2733be59f7e-2733be59f94 1465->1472 1471->1422 1473 2733be59f96-2733be59fa9 1472->1473 1474 2733be59fab-2733be59fb0 call 2733be8cb90 1472->1474 1473->1474 1475 2733be59fc9-2733be59fce call 2733be6fc0c 1473->1475 1474->1471 1475->1432
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
                                                                                        • String ID: geo$system
                                                                                        • API String ID: 213021568-2364779556
                                                                                        • Opcode ID: 8d507ed780ab9415465bea42d74918d4bd8e0c0aefd231a4a2bfbea2f08b141c
                                                                                        • Instruction ID: 7815334a70aa9e64f6fcdef8530d217c94ecc6389c1c81f442b7ed29c1e30a98
                                                                                        • Opcode Fuzzy Hash: 8d507ed780ab9415465bea42d74918d4bd8e0c0aefd231a4a2bfbea2f08b141c
                                                                                        • Instruction Fuzzy Hash: 86C1B076B09B4085FB20EB68E8483DC23B2AB54798F415752DE5D1B7A9DE38C685E380
                                                                                        Function 000002733BE63B30 Relevance: 13.6, APIs: 9, Instructions: 117COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1882 2733be63b30-2733be63b92 GetCurrentProcess GetProcessId RmStartSession 1883 2733be63b98-2733be63bbd RmRegisterResources 1882->1883 1884 2733be63c91 1882->1884 1886 2733be63c88-2733be63c8b RmEndSession 1883->1886 1887 2733be63bc3-2733be63bf9 RmGetList 1883->1887 1885 2733be63c93-2733be63cb6 call 2733be8cb70 1884->1885 1886->1884 1889 2733be63cd4 1887->1889 1890 2733be63bff-2733be63c04 1887->1890 1891 2733be63cd7-2733be63cdf RmEndSession 1889->1891 1890->1889 1893 2733be63c0a-2733be63c30 call 2733be766e4 1890->1893 1891->1885 1893->1891 1896 2733be63c36-2733be63c58 RmGetList 1893->1896 1897 2733be63c5a-2733be63c5d 1896->1897 1898 2733be63ccc-2733be63ccf call 2733be6efd8 1896->1898 1897->1898 1900 2733be63c5f-2733be63c68 1897->1900 1898->1889 1900->1886 1901 2733be63c6a 1900->1901 1902 2733be63c70-2733be63c7f 1901->1902 1903 2733be63cb7-2733be63cca call 2733be6efd8 RmEndSession 1902->1903 1904 2733be63c81-2733be63c86 1902->1904 1903->1884 1904->1886 1904->1902
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Session$ListProcess$CurrentRegisterResourcesStart
                                                                                        • String ID:
                                                                                        • API String ID: 3299295986-0
                                                                                        • Opcode ID: fd498ee3de36280c394abacf9467fc5b9ce5ac8d70b1b0db778499f5d870b0f3
                                                                                        • Instruction ID: b548dc8f6d2b7a2ff2021623e4214eb442149e20cea3aafb5cebf8c74f2c2ea7
                                                                                        • Opcode Fuzzy Hash: fd498ee3de36280c394abacf9467fc5b9ce5ac8d70b1b0db778499f5d870b0f3
                                                                                        • Instruction Fuzzy Hash: 72513032B09A418AF720DFA8F4587DD77A1B748748F504269EE0E63B94DE38CA05D790
                                                                                        Function 000002733BE7D5F0 Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 2011 2733be7d5f0-2733be7d616 2012 2733be7d631-2733be7d635 2011->2012 2013 2733be7d618-2733be7d62c call 2733be740ac call 2733be740cc 2011->2013 2015 2733be7da0b-2733be7da17 call 2733be740ac call 2733be740cc 2012->2015 2016 2733be7d63b-2733be7d642 2012->2016 2030 2733be7da22 2013->2030 2033 2733be7da1d call 2733be6fbec 2015->2033 2016->2015 2018 2733be7d648-2733be7d676 2016->2018 2018->2015 2022 2733be7d67c-2733be7d683 2018->2022 2025 2733be7d69c-2733be7d69f 2022->2025 2026 2733be7d685-2733be7d697 call 2733be740ac call 2733be740cc 2022->2026 2027 2733be7d6a5-2733be7d6ab 2025->2027 2028 2733be7da07-2733be7da09 2025->2028 2026->2033 2027->2028 2032 2733be7d6b1-2733be7d6b4 2027->2032 2034 2733be7da25-2733be7da3c 2028->2034 2030->2034 2032->2026 2036 2733be7d6b6-2733be7d6db 2032->2036 2033->2030 2039 2733be7d6dd-2733be7d6df 2036->2039 2040 2733be7d70e-2733be7d715 2036->2040 2042 2733be7d6e1-2733be7d6e8 2039->2042 2043 2733be7d706-2733be7d70c 2039->2043 2044 2733be7d717-2733be7d73f call 2733be7dedc call 2733be7b550 * 2 2040->2044 2045 2733be7d6ea-2733be7d701 call 2733be740ac call 2733be740cc call 2733be6fbec 2040->2045 2042->2043 2042->2045 2048 2733be7d78c-2733be7d7a3 2043->2048 2072 2733be7d75c-2733be7d787 call 2733be7dcb0 2044->2072 2073 2733be7d741-2733be7d757 call 2733be740cc call 2733be740ac 2044->2073 2076 2733be7d894 2045->2076 2051 2733be7d81e-2733be7d828 call 2733be87c7c 2048->2051 2052 2733be7d7a5-2733be7d7ad 2048->2052 2064 2733be7d82e-2733be7d843 2051->2064 2065 2733be7d8b2 2051->2065 2052->2051 2053 2733be7d7af-2733be7d7b1 2052->2053 2053->2051 2057 2733be7d7b3-2733be7d7c9 2053->2057 2057->2051 2061 2733be7d7cb-2733be7d7d7 2057->2061 2061->2051 2066 2733be7d7d9-2733be7d7db 2061->2066 2064->2065 2070 2733be7d845-2733be7d857 GetConsoleMode 2064->2070 2068 2733be7d8b7-2733be7d8d7 ReadFile 2065->2068 2066->2051 2071 2733be7d7dd-2733be7d7f5 2066->2071 2074 2733be7d8dd-2733be7d8e5 2068->2074 2075 2733be7d9d1-2733be7d9da call 2733beb2160 2068->2075 2070->2065 2077 2733be7d859-2733be7d861 2070->2077 2071->2051 2079 2733be7d7f7-2733be7d803 2071->2079 2072->2048 2073->2076 2074->2075 2083 2733be7d8eb 2074->2083 2093 2733be7d9dc-2733be7d9f2 call 2733be740cc call 2733be740ac 2075->2093 2094 2733be7d9f7-2733be7d9fa 2075->2094 2080 2733be7d897-2733be7d8a1 call 2733be7b550 2076->2080 2077->2068 2084 2733be7d863-2733be7d885 call 2733beb23b8 2077->2084 2079->2051 2086 2733be7d805-2733be7d807 2079->2086 2080->2034 2090 2733be7d8f2-2733be7d907 2083->2090 2101 2733be7d8a6-2733be7d8b0 2084->2101 2102 2733be7d887 call 2733beb2160 2084->2102 2086->2051 2095 2733be7d809-2733be7d819 2086->2095 2090->2080 2098 2733be7d909-2733be7d914 2090->2098 2093->2076 2105 2733be7d88d-2733be7d88f call 2733be74040 2094->2105 2106 2733be7da00-2733be7da02 2094->2106 2095->2051 2099 2733be7d93b-2733be7d943 2098->2099 2100 2733be7d916-2733be7d92f call 2733be7d208 2098->2100 2109 2733be7d9bf-2733be7d9cc call 2733be7d048 2099->2109 2110 2733be7d945-2733be7d957 2099->2110 2114 2733be7d934-2733be7d936 2100->2114 2101->2090 2102->2105 2105->2076 2106->2080 2109->2114 2115 2733be7d9b2-2733be7d9ba 2110->2115 2116 2733be7d959 2110->2116 2114->2080 2115->2080 2119 2733be7d95e-2733be7d965 2116->2119 2121 2733be7d9a1-2733be7d9ac 2119->2121 2122 2733be7d967-2733be7d96b 2119->2122 2121->2115 2123 2733be7d96d-2733be7d974 2122->2123 2124 2733be7d987 2122->2124 2123->2124 2125 2733be7d976-2733be7d97a 2123->2125 2126 2733be7d98d-2733be7d99d 2124->2126 2125->2124 2127 2733be7d97c-2733be7d985 2125->2127 2126->2119 2128 2733be7d99f 2126->2128 2127->2126 2128->2115
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 197761c4084f71b538abde1851977105dd70471639988d7dce5d49f8975dacdd
                                                                                        • Instruction ID: 3ed6444b1b42f59fd4db4afb81852dd052d4a134d032726ed2baa52e30ee68f0
                                                                                        • Opcode Fuzzy Hash: 197761c4084f71b538abde1851977105dd70471639988d7dce5d49f8975dacdd
                                                                                        • Instruction Fuzzy Hash: F1C1C3A220C78583F771EB9DA44A3DD7B61F780B80F558395FA8E03391DB79CA45A381
                                                                                        Function 000002733BE58990 Relevance: 9.0, APIs: 6, Instructions: 41COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
                                                                                        • String ID:
                                                                                        • API String ID: 4268643673-0
                                                                                        • Opcode ID: 83031f1c3d95a3b59bc2a22e43b72ccd41805d9851eefa9cc92077698de98015
                                                                                        • Instruction ID: a8b2206430438141a9b4559c7418f2ed7adf25f1af0991d8117a5d1205e599db
                                                                                        • Opcode Fuzzy Hash: 83031f1c3d95a3b59bc2a22e43b72ccd41805d9851eefa9cc92077698de98015
                                                                                        • Instruction Fuzzy Hash: B7116A3250AB40C1EB20EF28F85819973B4FB44FA4B684356DA6E462A4DF34CA96D3C0
                                                                                        Function 00007FF626BF7980 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 120COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF626BF7C00: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF626BF7C0E
                                                                                          • Part of subcall function 00007FF626BE6610: char_traits.LIBCPMTD ref: 00007FF626BE663D
                                                                                          • Part of subcall function 00007FF626BF7DC0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF626BF7ED5
                                                                                        • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF626BF7AFA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::_CriticalLock::_ProcessorReentrantScoped_lockScoped_lock::~_Virtual$Concurrency::RootRoot::char_traits
                                                                                        • String ID: EnterCriticalSection$LeaveCriticalSection$LoadAcceleratorsA$LoadAcceleratorsW
                                                                                        • API String ID: 2378420206-1394853731
                                                                                        • Opcode ID: 04327c45c70a67150be1c73c2e078c6eac2a998af2c452a8fcebf7652b8d46cf
                                                                                        • Instruction ID: 17c2e95a7d354bfa88a1141162b92c8426ee63931ca77e01a4f6890bdaf15128
                                                                                        • Opcode Fuzzy Hash: 04327c45c70a67150be1c73c2e078c6eac2a998af2c452a8fcebf7652b8d46cf
                                                                                        • Instruction Fuzzy Hash: 1D514F2651D98291DE30EB64FC513EEA360FBC2345F901072E68DC3AAAEE2DD915CB41
                                                                                        Function 000002733BE5E9F0 Relevance: 6.4, APIs: 4, Instructions: 417networkCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: recv$Cleanupclosesocket
                                                                                        • String ID:
                                                                                        • API String ID: 146070474-0
                                                                                        • Opcode ID: 64d328896e954a547c3b29eb49fb77e27025de37278f77c6f89290b4beb24637
                                                                                        • Instruction ID: 138e25f2f0d924fd994b2958340ec082cff37526b21c26ad13f1e26220086f9a
                                                                                        • Opcode Fuzzy Hash: 64d328896e954a547c3b29eb49fb77e27025de37278f77c6f89290b4beb24637
                                                                                        • Instruction Fuzzy Hash: 7812A37261CBC481EA30EB18F4583DE6761F789790F505352EAED46AEADF78C680D780
                                                                                        Function 00007FF626BF7FD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 128COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF626BF80EF
                                                                                        • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF626BF8197
                                                                                          • Part of subcall function 00007FF626C377D4: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF626C3651B), ref: 00007FF626C37824
                                                                                          • Part of subcall function 00007FF626C377D4: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF626C3651B), ref: 00007FF626C37865
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$ExceptionFileHeaderRaise
                                                                                        • String ID: 1.3.1.zlib-ng
                                                                                        • API String ID: 543713560-992988628
                                                                                        • Opcode ID: 8956c29817721c66e9a5c783700e556b24576ee2f69ddabf96bd024d6e1e8483
                                                                                        • Instruction ID: 4c03dd71271f46f3748d94e2181bf796f72637fe1147d4f271cca7f5532eb1fe
                                                                                        • Opcode Fuzzy Hash: 8956c29817721c66e9a5c783700e556b24576ee2f69ddabf96bd024d6e1e8483
                                                                                        • Instruction Fuzzy Hash: 2A61F83261CA8586DE70DB14E8513EEB3A0FBD9345F900135EACD82AA9DF3DD654CB41
                                                                                        Function 000002733BE60420 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45registryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Value
                                                                                        • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                        • API String ID: 3702945584-1787575317
                                                                                        • Opcode ID: 4b31b020cac4b58e91cc22bf7df28ffde147e0876d00deb1f16a5955c36cd2ac
                                                                                        • Instruction ID: 30a504198d49432ce782d326282d0486c73f42ba355fdd56e8b9ac1f898918b1
                                                                                        • Opcode Fuzzy Hash: 4b31b020cac4b58e91cc22bf7df28ffde147e0876d00deb1f16a5955c36cd2ac
                                                                                        • Instruction Fuzzy Hash: B6118E3220CB8082EB20DF25F84439AB3A4F789784F414316EA9C07B59CFBCC294CB80
                                                                                        Function 000002733BE6B090 Relevance: 4.9, APIs: 3, Instructions: 440COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 2ccb1c66db1857d2f97d686fc6af02b5fe4d084d8bfe71cc9a34bb5c39443187
                                                                                        • Instruction ID: 14522d67cace02142f73a57ab570409d4065e851fe14288dbb998ddde71ae254
                                                                                        • Opcode Fuzzy Hash: 2ccb1c66db1857d2f97d686fc6af02b5fe4d084d8bfe71cc9a34bb5c39443187
                                                                                        • Instruction Fuzzy Hash: 46F1C032215B8481EA24EB29F4497EE63A4F748BE4F144725AFAD47795EF38C291D380
                                                                                        Function 000002733BE5ED77 Relevance: 4.7, APIs: 3, Instructions: 182networkCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Cleanupclosesocketrecv
                                                                                        • String ID:
                                                                                        • API String ID: 3447645871-0
                                                                                        • Opcode ID: 5f43de0dc1a28afc19fc76975d6654e0929afc1745546c7a5a358dfe4b68544a
                                                                                        • Instruction ID: e1af696365c22ed2eda5c9ce989f51bb497a69e3973efc282972d307063715f1
                                                                                        • Opcode Fuzzy Hash: 5f43de0dc1a28afc19fc76975d6654e0929afc1745546c7a5a358dfe4b68544a
                                                                                        • Instruction Fuzzy Hash: CF917663A18BC441EA30E718F4583DE6751F7997A0F105346DAAD47BEADF78C580E780
                                                                                        Function 000002733BE61111 Relevance: 4.7, APIs: 3, Instructions: 163registryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseEnumOpen
                                                                                        • String ID:
                                                                                        • API String ID: 1332880857-0
                                                                                        • Opcode ID: 5bdcb49920ee0669aa8e284a80da3776a59de088301a5c323abb8112722a4b35
                                                                                        • Instruction ID: 4f5de72e19ac898a493faf53cdc1742417c75dced664647f67b788dd28ed9c1e
                                                                                        • Opcode Fuzzy Hash: 5bdcb49920ee0669aa8e284a80da3776a59de088301a5c323abb8112722a4b35
                                                                                        • Instruction Fuzzy Hash: F3719F72B08B8085EB21EB69F4483DD7760F7857A8F105705EAAD17AE9DB78C1C1E780
                                                                                        Function 00007FF626BED7F0 Relevance: 4.6, APIs: 3, Instructions: 112COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF626BED8DD
                                                                                        • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF626BED9C0
                                                                                        • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF626BED9E9
                                                                                          • Part of subcall function 00007FF626BE6610: char_traits.LIBCPMTD ref: 00007FF626BE663D
                                                                                          • Part of subcall function 00007FF626BEDAA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF626BEDAB8
                                                                                          • Part of subcall function 00007FF626BEDB00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF626BEDB13
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::Work$EmptyQueue::Structured$Base::ContextIdentityQueue$char_traits
                                                                                        • String ID:
                                                                                        • API String ID: 2573577243-0
                                                                                        • Opcode ID: f26d7d76682de479d1a510b7515a2100360f65aa1e8371ebd0398830a94be955
                                                                                        • Instruction ID: b4307e35bf43c503285fb59eba2266fe97c92be4e86bdf6fa9496ef5ea8724b8
                                                                                        • Opcode Fuzzy Hash: f26d7d76682de479d1a510b7515a2100360f65aa1e8371ebd0398830a94be955
                                                                                        • Instruction Fuzzy Hash: A7513C6260CB8691DE209B15E8503EFB360FBC6781F804072E6CD87BAAEF6DD515CB41
                                                                                        Function 000002733BE610A0 Relevance: 4.6, APIs: 3, Instructions: 96registryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: EnumOpen
                                                                                        • String ID:
                                                                                        • API String ID: 3231578192-0
                                                                                        • Opcode ID: a8920e58832bf877e089fa0af907033f7a3b2d639e35d700202a240f283f6ca3
                                                                                        • Instruction ID: a32cee49e94f28d097153729773fc434a3c00c624035f081f4464f52cb1f5da8
                                                                                        • Opcode Fuzzy Hash: a8920e58832bf877e089fa0af907033f7a3b2d639e35d700202a240f283f6ca3
                                                                                        • Instruction Fuzzy Hash: 29319F32B08B8085E720DF65F8487DE7774F744798F205215EE9D17A54DB78C692D780
                                                                                        Function 00007FF626BF17D0 Relevance: 4.6, APIs: 3, Instructions: 77COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallFunction0Member$char_traits
                                                                                        • String ID:
                                                                                        • API String ID: 1927575840-0
                                                                                        • Opcode ID: b3a0a285e39b8cf687cbf5e33b540a6d49c497df54d9ecd142d2dcea34095149
                                                                                        • Instruction ID: c5532d5ca764491560400253896142544875c05f0efd076160054a1792c06d40
                                                                                        • Opcode Fuzzy Hash: b3a0a285e39b8cf687cbf5e33b540a6d49c497df54d9ecd142d2dcea34095149
                                                                                        • Instruction Fuzzy Hash: A2314F35A0C64285EE20EB15EC4017E77E1FB86785F404535FA8DC7AAADF3EE5118B42
                                                                                        Function 000002733BE60DDB Relevance: 4.6, APIs: 3, Instructions: 68registryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseOpenQueryValue
                                                                                        • String ID:
                                                                                        • API String ID: 3677997916-0
                                                                                        • Opcode ID: 167b3dbd054041ffdb8ff7b27bb51a5af926637fa25483a72cd675fd3e38e6c5
                                                                                        • Instruction ID: 43fbf8f5cc11cb01c21a1a60433f1e4af37c333b12d0681db77b87cb3af48cbb
                                                                                        • Opcode Fuzzy Hash: 167b3dbd054041ffdb8ff7b27bb51a5af926637fa25483a72cd675fd3e38e6c5
                                                                                        • Instruction Fuzzy Hash: DB21EA2261DB9081EE70EB29F08439EA750FBD57D4F405312FA8D42A99DF3CC284D780
                                                                                        Function 00007FF626BF82A0 Relevance: 4.6, APIs: 3, Instructions: 51COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: ProcessToken$CurrentInformationOpen
                                                                                        • String ID:
                                                                                        • API String ID: 2743777493-0
                                                                                        • Opcode ID: 722ab832dbefb05b570a67b2cccdef345e5e387398dfdff30b5f0e262e84267a
                                                                                        • Instruction ID: bc45adb0e5c8004a76e8b53aada5861a5e8b3172364839672217633ac9e14a1c
                                                                                        • Opcode Fuzzy Hash: 722ab832dbefb05b570a67b2cccdef345e5e387398dfdff30b5f0e262e84267a
                                                                                        • Instruction Fuzzy Hash: BB21622662C68185EF50DB10E8503AE7770FB82345F901035FA8E87AA9DF7ED504CB01
                                                                                        Function 000002733BE5F890 Relevance: 4.6, APIs: 3, Instructions: 50COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Info$User
                                                                                        • String ID:
                                                                                        • API String ID: 2017065092-0
                                                                                        • Opcode ID: d34c2ece54cb3812040e4eef0477fed434900964bc97860851aa3e607d5351a2
                                                                                        • Instruction ID: 76c7defdbb70cc29b7a230085401829e57541d9a5f066867b3598890610e6470
                                                                                        • Opcode Fuzzy Hash: d34c2ece54cb3812040e4eef0477fed434900964bc97860851aa3e607d5351a2
                                                                                        • Instruction Fuzzy Hash: 95119D32A18B8082E720EF65F41475EB7A1FB84B88F045225EB8903B59DF7CD6909BC4
                                                                                        Function 000002733BE59760 Relevance: 4.5, APIs: 3, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ProcessToken$CurrentInformationOpen
                                                                                        • String ID:
                                                                                        • API String ID: 2743777493-0
                                                                                        • Opcode ID: 5cf106d3b2ffd2a7e9a61a7f883b18dc6c947c023f1ec599732081f4b0d6fdce
                                                                                        • Instruction ID: af890438ec4fbc4f1c9f8e5a7f1436634aab6cd97ebb194cf0a6e1c210e729fa
                                                                                        • Opcode Fuzzy Hash: 5cf106d3b2ffd2a7e9a61a7f883b18dc6c947c023f1ec599732081f4b0d6fdce
                                                                                        • Instruction Fuzzy Hash: EA11513261DB4082EB60DF15F84438AB7A0FB84B80F445266EB8D43B68CF3CC545DB80
                                                                                        Function 000002733BE83270 Relevance: 4.5, APIs: 3, Instructions: 15COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                        • String ID:
                                                                                        • API String ID: 1703294689-0
                                                                                        • Opcode ID: f80d91bcf93e8424b3640f1b7356e3f7b22acd1ad7b3684da8aa45f97133e79c
                                                                                        • Instruction ID: 0438c14518a7b1fdfc67086279b0421df78b5a240b6e498f8e183361324b0407
                                                                                        • Opcode Fuzzy Hash: f80d91bcf93e8424b3640f1b7356e3f7b22acd1ad7b3684da8aa45f97133e79c
                                                                                        • Instruction Fuzzy Hash: 2CD09E1470DB0452EA38FB78789D6DD17155F49B02F005EACA90F4A397CD2D874D62C0
                                                                                        Function 000002733BE1F350 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 153COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-3916222277
                                                                                        • Opcode ID: d64c194b8d63a2c56f4a75dcc143c28c30b6ecabf1f09533ba250de39c4b8e28
                                                                                        • Instruction ID: 2869ff60e57dd34759dc386613ef06f11dd91819866db5eb2f6fb5c3a5b95702
                                                                                        • Opcode Fuzzy Hash: d64c194b8d63a2c56f4a75dcc143c28c30b6ecabf1f09533ba250de39c4b8e28
                                                                                        • Instruction Fuzzy Hash: 48515C72208B4496EB25DF2EE19839C73A0F348B94F644662CB5D53BA2CF38D5A1D3C0
                                                                                        Function 000002733BE60C30 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CurrentProfile
                                                                                        • String ID: Unknown
                                                                                        • API String ID: 2104809126-1654365787
                                                                                        • Opcode ID: 327d7d51cf89ce8cae5e34d504ec04f85fc3bceab43135c4ad84e114b6f625fa
                                                                                        • Instruction ID: edb15ce7319dce20e6ff6e3cb252c43f79447f46d9a23d608e843d9c3d676466
                                                                                        • Opcode Fuzzy Hash: 327d7d51cf89ce8cae5e34d504ec04f85fc3bceab43135c4ad84e114b6f625fa
                                                                                        • Instruction Fuzzy Hash: 6831EF2362CBC086E720DF24F4443EAA760F799B84F546215EBCD12A4ADB7CC684DB80
                                                                                        Function 00007FF626BEFAE0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @
                                                                                        • API String ID: 0-2766056989
                                                                                        • Opcode ID: b337b7728e22acf7a85b468339197ec44de5b842342dd1561fc2dcb21d3dd529
                                                                                        • Instruction ID: 31d6a9c9933d88d4a795477facc50b39da95e2f3e77e99794ee1d3438f53e640
                                                                                        • Opcode Fuzzy Hash: b337b7728e22acf7a85b468339197ec44de5b842342dd1561fc2dcb21d3dd529
                                                                                        • Instruction Fuzzy Hash: 22312836A1CB818ADB60CB25E89422EBBE4F7C9784F500165FA8D83B58DF3DD5108F00
                                                                                        Function 000002733BE251E0 Relevance: 3.2, APIs: 2, Instructions: 192COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 418ad345e38e5ece6923477ef3d4cd48538987449be9ede3b57e8d5671647296
                                                                                        • Instruction ID: 724a4d801449242eecc3211cde72a840e635448bf336dedc67cc81292492ed16
                                                                                        • Opcode Fuzzy Hash: 418ad345e38e5ece6923477ef3d4cd48538987449be9ede3b57e8d5671647296
                                                                                        • Instruction Fuzzy Hash: 0B51F962309B4085EE34FB19B6083DD63D1A708BE5F584761DEBD0F7D6EA78C681A380
                                                                                        Function 000002733BE58E10 Relevance: 3.1, APIs: 2, Instructions: 87COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FolderFreeKnownPathTask
                                                                                        • String ID:
                                                                                        • API String ID: 969438705-0
                                                                                        • Opcode ID: 742bb63662d3073f9ee8af471a8bc599662f9952876318b13433662567a57a6c
                                                                                        • Instruction ID: 5b71fd7615d3ea839bebac349e54afc4773d05276f8521046f2471c6af6238a2
                                                                                        • Opcode Fuzzy Hash: 742bb63662d3073f9ee8af471a8bc599662f9952876318b13433662567a57a6c
                                                                                        • Instruction Fuzzy Hash: 4E316572918B8481E720DF29F44439EB761F7997E4F105316FAAD03795DB7CC2819B80
                                                                                        Function 000002733BE6E614 Relevance: 3.1, APIs: 2, Instructions: 77COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: cb30a7c2c620b97f400ef9b33bc0fdb0214d80daa24a11497eeb67f4fc095207
                                                                                        • Instruction ID: f827aebea589fcfc7e997370a0386f24daf4bbea804ff6de2b35d0915388980a
                                                                                        • Opcode Fuzzy Hash: cb30a7c2c620b97f400ef9b33bc0fdb0214d80daa24a11497eeb67f4fc095207
                                                                                        • Instruction Fuzzy Hash: 7C319532618A4881EA74FF58F8593ED3361E7A4B80F9417A1E65D473D2EE78C314A380
                                                                                        Function 000002733BE57390 Relevance: 3.1, APIs: 2, Instructions: 69registryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseOpen
                                                                                        • String ID:
                                                                                        • API String ID: 47109696-0
                                                                                        • Opcode ID: f079ec761da95b766b8b6afbeec7fda29d97571b2deafd3f5d4343d11bd09f0c
                                                                                        • Instruction ID: 40cf912a2310e02719e40d0986dc8b991bfed68eeeb3b588ca67060a3c5a244f
                                                                                        • Opcode Fuzzy Hash: f079ec761da95b766b8b6afbeec7fda29d97571b2deafd3f5d4343d11bd09f0c
                                                                                        • Instruction Fuzzy Hash: 01210721719A4045EE70EB29F8443EAA760EB88BD4F445362FE4D43BA5DF28C681E780
                                                                                        Function 000002733BE5664C Relevance: 3.1, APIs: 2, Instructions: 58synchronizationCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
                                                                                        • String ID:
                                                                                        • API String ID: 420082584-0
                                                                                        • Opcode ID: 036243cc36745df91b13cbf9ecb1cefea124ab65504d4d2134417f0e20bc5439
                                                                                        • Instruction ID: e3413b4c757585b9fc645d2a8d4b454f5db55423b92cd65a5f78b753e4726829
                                                                                        • Opcode Fuzzy Hash: 036243cc36745df91b13cbf9ecb1cefea124ab65504d4d2134417f0e20bc5439
                                                                                        • Instruction Fuzzy Hash: F321D31160D58046F931F7BCF40E3ED9290AF46791F645BD2E9AE012D7DE18C384B2D1
                                                                                        Function 000002733BE5667D Relevance: 3.0, APIs: 2, Instructions: 47synchronizationCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseHandleMutexReleaserecv
                                                                                        • String ID:
                                                                                        • API String ID: 2659716615-0
                                                                                        • Opcode ID: ab5b83b0048094fda44903b8d71eb9334083aa5015830e94b64139949424460e
                                                                                        • Instruction ID: c74b5febc9eeff1ed7f95a801c60fe60dd1413f62768abedd1b510fcdc9c0902
                                                                                        • Opcode Fuzzy Hash: ab5b83b0048094fda44903b8d71eb9334083aa5015830e94b64139949424460e
                                                                                        • Instruction Fuzzy Hash: 9011E56160D68046FA70F73CF40E3ED6390AF86B91F545792EAAE016D7DE18C280B2D1
                                                                                        Function 000002733BE7DB60 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLastPointer
                                                                                        • String ID:
                                                                                        • API String ID: 2976181284-0
                                                                                        • Opcode ID: 7e9ab1c6d8c64915d6648e9c143c2363700413bfa3c055332623f50353a46816
                                                                                        • Instruction ID: 8048d4386a17247794bc551298059128805d57c39ade6828489ba843ba6204f5
                                                                                        • Opcode Fuzzy Hash: 7e9ab1c6d8c64915d6648e9c143c2363700413bfa3c055332623f50353a46816
                                                                                        • Instruction Fuzzy Hash: 7E11C1A2208B8082DA20EB69F449299A761E785BF4F544351EE7D4B7E9CF78C6509780
                                                                                        Function 00007FF626BED750 Relevance: 3.0, APIs: 2, Instructions: 33libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID:
                                                                                        • API String ID: 2574300362-0
                                                                                        • Opcode ID: bd71bcfb797b50c55a6df7201416778f22323b2fa91c79af38a8b0c2d0370c92
                                                                                        • Instruction ID: 96d996fdb4c9a694cecdf18409d454247fae9a1c4b66e63850a3cc75269bb29e
                                                                                        • Opcode Fuzzy Hash: bd71bcfb797b50c55a6df7201416778f22323b2fa91c79af38a8b0c2d0370c92
                                                                                        • Instruction Fuzzy Hash: 5201697651CB8589DB60CB11F88032EB7B0F78A795F500575E6CE82BA8CFBDC1A48B01
                                                                                        Function 000002733BE8CB98 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                        • String ID:
                                                                                        • API String ID: 1173176844-0
                                                                                        • Opcode ID: 267b89f17236609d1417f10d46edbd95984192d968a560c5371d581f7ac22313
                                                                                        • Instruction ID: a08e4dc2b6889aeadb563fbfef690991fe6ef65dc7ce8d454381880de2a07580
                                                                                        • Opcode Fuzzy Hash: 267b89f17236609d1417f10d46edbd95984192d968a560c5371d581f7ac22313
                                                                                        • Instruction Fuzzy Hash: 07E0EC1161AD1545F938F7BE340E3E500845B1AB76E1C1FA1697D853E3A91486D571D0
                                                                                        Function 00007FF626C25810 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • RtlFreeHeap.NTDLL(?,?,00007FF626C25929,00007FF626C2ACD6,?,?,?,00007FF626C2B053,?,?,00000000,00007FF626C2B9B9,?,?,?,00007FF626C2B8EB), ref: 00007FF626C25826
                                                                                        • GetLastError.KERNEL32(?,?,00007FF626C25929,00007FF626C2ACD6,?,?,?,00007FF626C2B053,?,?,00000000,00007FF626C2B9B9,?,?,?,00007FF626C2B8EB), ref: 00007FF626C25830
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFreeHeapLast
                                                                                        • String ID:
                                                                                        • API String ID: 485612231-0
                                                                                        • Opcode ID: d1c0f4e6f877c9d6cfcd8a19c59eeb7a423ced942baaa3383c8ac58c4f15d072
                                                                                        • Instruction ID: 11d0baeabf3d88acc86c14014fb6191f48ebbf9670c39f3059686cb8a7fae593
                                                                                        • Opcode Fuzzy Hash: d1c0f4e6f877c9d6cfcd8a19c59eeb7a423ced942baaa3383c8ac58c4f15d072
                                                                                        • Instruction Fuzzy Hash: 12E0C2A4F1820242FF08BBFA6CA503A13755F84751F846030CD0DC3692EEAEA8814312
                                                                                        Function 000002733BE7B550 Relevance: 2.5, APIs: 2, Instructions: 18memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorFreeHeapLast
                                                                                        • String ID:
                                                                                        • API String ID: 485612231-0
                                                                                        • Opcode ID: 47cbcda289b4926f8a5fa232dbc04e0ffd722977d505590b0caac84d58b1b127
                                                                                        • Instruction ID: 049ac2c189f060bbe99f440df64661d176e4a30ece43168e6a25878f16349adb
                                                                                        • Opcode Fuzzy Hash: 47cbcda289b4926f8a5fa232dbc04e0ffd722977d505590b0caac84d58b1b127
                                                                                        • Instruction Fuzzy Hash: 5EE0C240B0E20183FF38F3FA786E3E812561F84740F0407A0AA1D82292EE38474073C0
                                                                                        Function 000002733BE6D450 Relevance: 1.7, APIs: 1, Instructions: 189COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 22961ef930a00238eb161d6b0356fad4b0c2afeaa7fa2e1538140c8a8bd2ea9f
                                                                                        • Instruction ID: 3e2a3f4b04131304828afeca27d90011070f24eb282c55a9eecc4144cb423d90
                                                                                        • Opcode Fuzzy Hash: 22961ef930a00238eb161d6b0356fad4b0c2afeaa7fa2e1538140c8a8bd2ea9f
                                                                                        • Instruction Fuzzy Hash: B961BE62308A8084EB25EF5AE1583AC23A1E314F98F94C751CE6D5B7D5DE38CA85E380
                                                                                        Function 000002733BE0E150 Relevance: 1.7, APIs: 1, Instructions: 175COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: __std_fs_directory_iterator_open
                                                                                        • String ID:
                                                                                        • API String ID: 4007087469-0
                                                                                        • Opcode ID: 4721e9ab553274334b1f156d9a7184a3bbbc1e1787f4ba01afe0aee770dfc53e
                                                                                        • Instruction ID: b518c29691b894aa91a381cd43e13145637fe28f8e3897384e4d5067a1e67875
                                                                                        • Opcode Fuzzy Hash: 4721e9ab553274334b1f156d9a7184a3bbbc1e1787f4ba01afe0aee770dfc53e
                                                                                        • Instruction Fuzzy Hash: 7261F562F08B4585FB30EB6EE4983EC23A1E749794F004761EE1D577D5EA3CC685A380
                                                                                        Function 000002733BE25B00 Relevance: 1.6, APIs: 1, Instructions: 129COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 6819557343382872e52757baf74dd55a98ceffe11ae555dd88650f504de38fe3
                                                                                        • Instruction ID: 036aac2e5c932dd56d6ce1104f8074c3c5ea965d34e45f7e914d90b5a58d0aa5
                                                                                        • Opcode Fuzzy Hash: 6819557343382872e52757baf74dd55a98ceffe11ae555dd88650f504de38fe3
                                                                                        • Instruction Fuzzy Hash: DE41BF76308B8485EA20FB1AB54C3DD6391B749BD4F540761EEAD0B795EF3CC641A384
                                                                                        Function 000002733BE4B010 Relevance: 1.6, APIs: 1, Instructions: 123COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: b203b9bf632efb5300e9700833c121eeda259d8c8cfb89c73224b3e6f1179f50
                                                                                        • Instruction ID: 02139cdb039ebb32b2caceff73d8ad707628dc80baa3ea0371fa9ba100db7308
                                                                                        • Opcode Fuzzy Hash: b203b9bf632efb5300e9700833c121eeda259d8c8cfb89c73224b3e6f1179f50
                                                                                        • Instruction Fuzzy Hash: 1041B472218B8481DA34EB69F5583EEB3A0F749BD0F104755ABAD03B95DF38C281D380
                                                                                        Function 000002733BE25CB0 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 1275d2820500e66303057adeeb9cafde1f00f1c59bed1405ecd51a4b825d8eb5
                                                                                        • Instruction ID: ff4d222cb3466f8faf654e272bc85e45f42d663ebf917a6ce93042c3544e178c
                                                                                        • Opcode Fuzzy Hash: 1275d2820500e66303057adeeb9cafde1f00f1c59bed1405ecd51a4b825d8eb5
                                                                                        • Instruction Fuzzy Hash: DE419362309B4485EE30FB1AB60C3DAA391B745BD4F5447619EAD0F7D6DE38C641A380
                                                                                        Function 000002733BE215C0 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 12228b42dbb7d06fb81c5e6fe8c0e4450f80b8911eb8c80816cdf8817a3beac7
                                                                                        • Instruction ID: 9009be6ceb376eac94a94f146805e4ce28feb3c36c08bc9b22381042f0a2931f
                                                                                        • Opcode Fuzzy Hash: 12228b42dbb7d06fb81c5e6fe8c0e4450f80b8911eb8c80816cdf8817a3beac7
                                                                                        • Instruction Fuzzy Hash: 4E31F326709B4444FA35FB59F6083ED22819705FE4F5807619EAD0BBD5EA78C781A381
                                                                                        Function 000002733BE7BA50 Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 62a68b64f697a3323ce5c67975f603dd912b7630c4b3619a8df593f8b8e10b11
                                                                                        • Instruction ID: cf7b9dff34a11283713eee6839951ba03623f27d15c38239b391fe36e5943618
                                                                                        • Opcode Fuzzy Hash: 62a68b64f697a3323ce5c67975f603dd912b7630c4b3619a8df593f8b8e10b11
                                                                                        • Instruction Fuzzy Hash: 7741E47221820487EA34FB2DF56A3E973A0E755B84F141341FB9E836D4CB28D602E7D1
                                                                                        Function 000002733BE60250 Relevance: 1.6, APIs: 1, Instructions: 107COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: InformationVolume
                                                                                        • String ID:
                                                                                        • API String ID: 2039140958-0
                                                                                        • Opcode ID: fed4a2f5e55cb5badf149d3cddc4b61e7a545cc3d15ebc6aed106fdd84461df2
                                                                                        • Instruction ID: 3ecc17e59d98b20b39d5d7f7e3d5a78e12b29e1df62fb6bbe1945a0c6cc3e3cc
                                                                                        • Opcode Fuzzy Hash: fed4a2f5e55cb5badf149d3cddc4b61e7a545cc3d15ebc6aed106fdd84461df2
                                                                                        • Instruction Fuzzy Hash: 66519032A18B9086E720DF68E8843DD77A0F799788F505352EB9C53A99DF78C684C780
                                                                                        Function 00007FF626BF7DC0 Relevance: 1.6, APIs: 1, Instructions: 102COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF626BFB970: _Byte_length.LIBCPMTD ref: 00007FF626BFB9F6
                                                                                        • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF626BF7ED5
                                                                                          • Part of subcall function 00007FF626BFBA40: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF626BFBA6A
                                                                                          • Part of subcall function 00007FF626BFBAA0: _Byte_length.LIBCPMTD ref: 00007FF626BFBB26
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: Byte_lengthConcurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
                                                                                        • String ID:
                                                                                        • API String ID: 2675252387-0
                                                                                        • Opcode ID: 8cf2c1331036d997b2d5cbdfd09f9a6dace60c7598b65e1a7ef6aa7a93a04358
                                                                                        • Instruction ID: 45f15ec4d06303bda2410217fa68d0a94148e8658d28745d77acc0d39c56be76
                                                                                        • Opcode Fuzzy Hash: 8cf2c1331036d997b2d5cbdfd09f9a6dace60c7598b65e1a7ef6aa7a93a04358
                                                                                        • Instruction Fuzzy Hash: C4512A3661DA8591DE60EB14F8503DEB3A1FBC5780F904032EA8D87B69EE3DD559CB01
                                                                                        Function 00007FF626BEBA90 Relevance: 1.6, APIs: 1, Instructions: 95COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF626BEC520: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF626BEC53D
                                                                                          • Part of subcall function 00007FF626BEC520: _Max_value.LIBCPMTD ref: 00007FF626BEC562
                                                                                          • Part of subcall function 00007FF626BEC520: _Min_value.LIBCPMTD ref: 00007FF626BEC590
                                                                                        • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF626BEBB3C
                                                                                          • Part of subcall function 00007FF626BE4310: std::_Xinvalid_argument.LIBCPMT ref: 00007FF626BE431B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_valueXinvalid_argumentstd::_
                                                                                        • String ID:
                                                                                        • API String ID: 142707115-0
                                                                                        • Opcode ID: 60dc388cca3665f00380207ba0fc440bb0a5f3e9cb1ca1dbde5340a79cbc7bc9
                                                                                        • Instruction ID: f184ec26afefa28dc75f13bad579e5a639ec547b8c3c8dc1c4c039c89a00effc
                                                                                        • Opcode Fuzzy Hash: 60dc388cca3665f00380207ba0fc440bb0a5f3e9cb1ca1dbde5340a79cbc7bc9
                                                                                        • Instruction Fuzzy Hash: B251A53661DB8581DA50DB56F89026EB7A4F7C9B80F501026FACE83B2ADF3DD450CB41
                                                                                        Function 000002733BE14E90 Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000002733BE14FAE
                                                                                          • Part of subcall function 000002733BE0B7B0: __std_exception_copy.LIBVCRUNTIME ref: 000002733BE0B7F8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task__std_exception_copy
                                                                                        • String ID:
                                                                                        • API String ID: 317858897-0
                                                                                        • Opcode ID: f89fcabff5973c8990e8b9f3a96863f7433ed84f5928a5ba91d490a207ffa240
                                                                                        • Instruction ID: e75e3396008712be89eb24fe651cc21f49cc5f065b72b257f9d529df187d59d8
                                                                                        • Opcode Fuzzy Hash: f89fcabff5973c8990e8b9f3a96863f7433ed84f5928a5ba91d490a207ffa240
                                                                                        • Instruction Fuzzy Hash: C931D663605B5081EE24EB19F0143ACA3A0A788FB4F3457619A7C07BD5EF78C6D2A380
                                                                                        Function 000002733BE1FE50 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000002733BE1FF58
                                                                                          • Part of subcall function 000002733BE0B7B0: __std_exception_copy.LIBVCRUNTIME ref: 000002733BE0B7F8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task__std_exception_copy
                                                                                        • String ID:
                                                                                        • API String ID: 317858897-0
                                                                                        • Opcode ID: fb9bc674607e6dbb758638ef1881955e72912653ce32e17aa8df73ef9129921e
                                                                                        • Instruction ID: 4c32d7ed83bf12243a35f1baa8436169e57a289e54f414c2034b1ce059d79e91
                                                                                        • Opcode Fuzzy Hash: fb9bc674607e6dbb758638ef1881955e72912653ce32e17aa8df73ef9129921e
                                                                                        • Instruction Fuzzy Hash: 9621D762609B4041EE29FB19F1443E96290A748BA4F2447619A7C47BD3EB79C6D2A3C0
                                                                                        Function 000002733BE7D4D0 Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 90e282629e3327800b1a09ea2473f0e2941ce1167cc6a0942764be9094e0e12c
                                                                                        • Instruction ID: 406859816eb36ecaa894a63df4eda2617a58b9fbe13da3322bb85d10f74628aa
                                                                                        • Opcode Fuzzy Hash: 90e282629e3327800b1a09ea2473f0e2941ce1167cc6a0942764be9094e0e12c
                                                                                        • Instruction Fuzzy Hash: 3831A4B261C610C3FB31FBADE84A3DC2660A784B98F414385BA6D473D2DB78C641A791
                                                                                        Function 00007FF626BEF580 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8832b93c38650351119958a3682aaab50e8cbc8b9dc0623d89af5356b64ee8a2
                                                                                        • Instruction ID: 0f84b5e53d384b6e37d37569b4d915063e92dc218e80580a4c4b7b8947b7872c
                                                                                        • Opcode Fuzzy Hash: 8832b93c38650351119958a3682aaab50e8cbc8b9dc0623d89af5356b64ee8a2
                                                                                        • Instruction Fuzzy Hash: 63314B66A1CB8186DB509B56E89032FA7A4FBC67D1F400076FACD83B69CF6DD0108B41
                                                                                        Function 000002733BE831A1 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: HandleModule$AddressFreeLibraryProc
                                                                                        • String ID:
                                                                                        • API String ID: 3947729631-0
                                                                                        • Opcode ID: 530d5f225501611c07fa3f753d7d8dc80cca454b0254b6cc05cb90d306267795
                                                                                        • Instruction ID: 53292a646b06e9e8048cc889252e5e6cde4d5de418353f866d84683b4f4a74f8
                                                                                        • Opcode Fuzzy Hash: 530d5f225501611c07fa3f753d7d8dc80cca454b0254b6cc05cb90d306267795
                                                                                        • Instruction Fuzzy Hash: 23213D32A05A408AEB24EFACE4483EC37A0E744B19F544765E61D8BAD6EB34DA45D7C0
                                                                                        Function 000002733BE9E208 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: c41a516aab5bbd5a0cb5ee3d8915c07e5e449c965519035ee3790c186b832703
                                                                                        • Instruction ID: 4b5046754dac08ce90dc89d51ab7dc73a1f208074c9fd3755e7f2f20d414f3ee
                                                                                        • Opcode Fuzzy Hash: c41a516aab5bbd5a0cb5ee3d8915c07e5e449c965519035ee3790c186b832703
                                                                                        • Instruction Fuzzy Hash: 7F21C332208A4487EB71EF2CF4447A976A1F788B94F144364EB9D876D9DB3CCA089B40
                                                                                        Function 000002733BE9C510 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 6080b6f5c7735027f4532a4154f17099be5a1c2b37b88469d38b788aa2f2ab04
                                                                                        • Instruction ID: a18617847aac0fa1df2063ec1b0293f6c7118249fba990ab040662c886f3b500
                                                                                        • Opcode Fuzzy Hash: 6080b6f5c7735027f4532a4154f17099be5a1c2b37b88469d38b788aa2f2ab04
                                                                                        • Instruction Fuzzy Hash: 38119D2270C65082EA70FF59B4093F9B2A0F786B80F444691EACD47B86CB3DC645A7C1
                                                                                        Function 00007FF626BEE170 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 292d0802afc3662b8a44df9434c69ee7ab1bc2423aa3cf29da608adeab93335d
                                                                                        • Instruction ID: dd9444025f3dcfaeb919c9811f3224f0e03aa56dd6c610effc26d84edfc7b14e
                                                                                        • Opcode Fuzzy Hash: 292d0802afc3662b8a44df9434c69ee7ab1bc2423aa3cf29da608adeab93335d
                                                                                        • Instruction Fuzzy Hash: AD217C2691CAC181EEB0DB10E8513AEA7A0FBD6385F805471F6CEC3A9ACF2DD1558B41
                                                                                        Function 00007FF626BFBBF0 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF626BFBC1C
                                                                                          • Part of subcall function 00007FF626BFF7D0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF626BFF846
                                                                                          • Part of subcall function 00007FF626BFF7D0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF626BFF855
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Concurrency::details::EmptyQueue::StructuredWork
                                                                                        • String ID:
                                                                                        • API String ID: 2595383736-0
                                                                                        • Opcode ID: d187d2a0eb802e6f176a8c328b985804572825bb7962f1620d6111e602d056cd
                                                                                        • Instruction ID: f19b9a5eebf8ae057d4b220506078364cc37e00ffd3935d3530188eb09c2c78b
                                                                                        • Opcode Fuzzy Hash: d187d2a0eb802e6f176a8c328b985804572825bb7962f1620d6111e602d056cd
                                                                                        • Instruction Fuzzy Hash: 8421E336618F8881DA10DB15F88026EB7A4FBD9B84F901126FACD83B69DF3DD160CB40
                                                                                        Function 00007FF626BF8750 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF626BF875E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::EmptyQueue::StructuredWork
                                                                                        • String ID:
                                                                                        • API String ID: 1865873047-0
                                                                                        • Opcode ID: 1ad8e3f512f94af4e84cc218fd812ce07013cec5e36aa4d374ac0a216bf662a5
                                                                                        • Instruction ID: f506acd44fee946d426ab31da1c09d732d63cd83e03cd82367825b0547b55dc5
                                                                                        • Opcode Fuzzy Hash: 1ad8e3f512f94af4e84cc218fd812ce07013cec5e36aa4d374ac0a216bf662a5
                                                                                        • Instruction Fuzzy Hash: 14115236619F8881DB609B1AE89035EB7B1F7C9B94F505126EBCD87B69CF3DC5508B00
                                                                                        Function 00007FF626BFB970 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _Byte_length.LIBCPMTD ref: 00007FF626BFB9F6
                                                                                          • Part of subcall function 00007FF626BFBBF0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF626BFBC1C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: Byte_lengthConcurrency::details::EmptyQueue::StructuredWork
                                                                                        • String ID:
                                                                                        • API String ID: 2180140624-0
                                                                                        • Opcode ID: 3d721e314f6597f4f5539cc87ca23b51fab7460f1361a429639f5c59ef1ee461
                                                                                        • Instruction ID: 5e4fbdcc0894039237dfced6cdda59558c2474b57812580e05ca10f95955940d
                                                                                        • Opcode Fuzzy Hash: 3d721e314f6597f4f5539cc87ca23b51fab7460f1361a429639f5c59ef1ee461
                                                                                        • Instruction Fuzzy Hash: 5C11F426518A8582DA50DB25F89119EB7A0FBC6780F901126FBCD83B6ADF3DD121CB40
                                                                                        Function 00007FF626BFBAA0 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF626BFBB70: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF626BFBB7E
                                                                                        • _Byte_length.LIBCPMTD ref: 00007FF626BFBB26
                                                                                          • Part of subcall function 00007FF626BFBBF0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF626BFBC1C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: Byte_lengthConcurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::~_StructuredWork
                                                                                        • String ID:
                                                                                        • API String ID: 3730899627-0
                                                                                        • Opcode ID: 44c7796c75c25c5c7709d50e7aab81eaeec602659a9d168cd4e954b65d0e7a9e
                                                                                        • Instruction ID: c9f6c50c48156af24194fbca227977f2abbb8fad5f1c1a6d79618912c4bcde73
                                                                                        • Opcode Fuzzy Hash: 44c7796c75c25c5c7709d50e7aab81eaeec602659a9d168cd4e954b65d0e7a9e
                                                                                        • Instruction Fuzzy Hash: 2311F426518A8582DA50DB25F89119EB7A0FBC6780FA01122FBCD83B6ADF3DD5218B40
                                                                                        Function 00007FF626BE7E40 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF626BE7E74
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::EmptyQueue::StructuredWork
                                                                                        • String ID:
                                                                                        • API String ID: 1865873047-0
                                                                                        • Opcode ID: 30fd8099ffd4be0d4f69dd9a583985dde0d8b0850e5991a20b1c7c05a0df383f
                                                                                        • Instruction ID: 0779bf6536f79ffaeb5f3ba3c379c5db21ac62f43032c1123d276d5b4eaa27a3
                                                                                        • Opcode Fuzzy Hash: 30fd8099ffd4be0d4f69dd9a583985dde0d8b0850e5991a20b1c7c05a0df383f
                                                                                        • Instruction Fuzzy Hash: DA117C66A18B4181DE20EB16E44036EA7A0FBC9BE8F440136EA8C87B69CF3DC154CB01
                                                                                        Function 000002733BE5ADC0 Relevance: 1.5, APIs: 1, Instructions: 38networkCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: send
                                                                                        • String ID:
                                                                                        • API String ID: 2809346765-0
                                                                                        • Opcode ID: af342f55a76444dc29af71e8fb4152a83f454f5b800a0383b076c9e997804f61
                                                                                        • Instruction ID: d8f0fb811eedd9356c258f5d1edb8c8dfab08d2e6f3d226b188500ae3eb70904
                                                                                        • Opcode Fuzzy Hash: af342f55a76444dc29af71e8fb4152a83f454f5b800a0383b076c9e997804f61
                                                                                        • Instruction Fuzzy Hash: 2101D625719A8481DB60DF1AF944259A7A0F788FD4F48A275EF5D43B4CDF28C9918780
                                                                                        Function 00007FF626BEF6A0 Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: type_info::_name_internal_method
                                                                                        • String ID:
                                                                                        • API String ID: 3713626258-0
                                                                                        • Opcode ID: 76e54cbdeb55244470ca4b8c1149c975881fede5f5229d85922bdbd701fbbbd6
                                                                                        • Instruction ID: 28378cca5c87c73e039da788a1767962e735803cdf69517e4742f5e8893b0ed3
                                                                                        • Opcode Fuzzy Hash: 76e54cbdeb55244470ca4b8c1149c975881fede5f5229d85922bdbd701fbbbd6
                                                                                        • Instruction Fuzzy Hash: E4012A7662CB8681EB409B16E84022FA3A4FB96BC1F405071EACE87759CF3DD0208B41
                                                                                        Function 00007FF626BECD80 Relevance: 1.5, APIs: 1, Instructions: 36COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo_noreturn
                                                                                        • String ID:
                                                                                        • API String ID: 3668304517-0
                                                                                        • Opcode ID: 5b003b8cca513f1d9bd291702dbd346b7f7ce6d2eb4d71e1a0a6965b61c62195
                                                                                        • Instruction ID: e3db1f7b772bf09210fa7c6b77a2cfd73be0bb769386226dd66282437ffbbdd9
                                                                                        • Opcode Fuzzy Hash: 5b003b8cca513f1d9bd291702dbd346b7f7ce6d2eb4d71e1a0a6965b61c62195
                                                                                        • Instruction Fuzzy Hash: 95019266659F4181DE609B28E84071FA7A0FF89395F401230F69CC2BD5DF2DC0208701
                                                                                        Function 000002733BE158F3 Relevance: 1.5, APIs: 1, Instructions: 33fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FileFindNext
                                                                                        • String ID:
                                                                                        • API String ID: 2029273394-0
                                                                                        • Opcode ID: c09ff1b7f36846cd2f70e20038cef65db65028f9499b4e4cc306786389cb5efe
                                                                                        • Instruction ID: 04ef76490035ad7a7363a8531cf0f2659a0151102e7791fbafe36c587174bde4
                                                                                        • Opcode Fuzzy Hash: c09ff1b7f36846cd2f70e20038cef65db65028f9499b4e4cc306786389cb5efe
                                                                                        • Instruction Fuzzy Hash: 2A014F2621CA8081EA70DB56F85839AA364F788B94F804162DE9D43B59DE38C986CB40
                                                                                        Function 00007FF626BFC9F0 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF626BFCA33
                                                                                          • Part of subcall function 00007FF626BEA910: allocator.LIBCONCRTD ref: 00007FF626BEA92B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::EmptyQueue::StructuredWorkallocator
                                                                                        • String ID:
                                                                                        • API String ID: 1755220593-0
                                                                                        • Opcode ID: 0be8727490954b9d9608c68c0c3e94e3c05ef35cc3da3c80f663008593293bb7
                                                                                        • Instruction ID: 5f1fc35e5352a6628fa89165bc6a10494ff94fc14c5ff5ec8360657fa70025e9
                                                                                        • Opcode Fuzzy Hash: 0be8727490954b9d9608c68c0c3e94e3c05ef35cc3da3c80f663008593293bb7
                                                                                        • Instruction Fuzzy Hash: 09015E36619F8482CA60DB0AF89011EB7A4F7C9B94F504125FACD83B29DF3DD1608B00
                                                                                        Function 000002733BE6ED2C Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 8baf8acf487f5caa78a15ef12004ef049afcc069522c3c2ef46e844b516c0117
                                                                                        • Instruction ID: 6d24227ea2afe2ffddcff32670a442bd9dc9770f4029a0fc538ea4e0ddb3248e
                                                                                        • Opcode Fuzzy Hash: 8baf8acf487f5caa78a15ef12004ef049afcc069522c3c2ef46e844b516c0117
                                                                                        • Instruction Fuzzy Hash: 2CE0D83121D64582EF35FBBDF14A3EC72649B147F0F144761B77C067C6DB2489506641
                                                                                        Function 00007FF626C35554 Relevance: 1.5, APIs: 1, Instructions: 21COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                                        • String ID:
                                                                                        • API String ID: 680105476-0
                                                                                        • Opcode ID: eab2c86477353e2fdf37daf347e1d7af9a32534bc8376d8c7edc6a9f128f6aaa
                                                                                        • Instruction ID: ad06cf292f84c72464603d1c5962e39cc80cef6f5c4a60051b8a8935f48c6f3f
                                                                                        • Opcode Fuzzy Hash: eab2c86477353e2fdf37daf347e1d7af9a32534bc8376d8c7edc6a9f128f6aaa
                                                                                        • Instruction Fuzzy Hash: AAE0EC40F4910B06FE2972AE5C251F911650F09770E6C2B30DD3EC96C7AD1EB4614712
                                                                                        Function 00007FF626BFBA40 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF626BFBA6A
                                                                                          • Part of subcall function 00007FF626BF7FD0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF626BF80EF
                                                                                          • Part of subcall function 00007FF626BF7FD0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF626BF8197
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
                                                                                        • String ID:
                                                                                        • API String ID: 2443641946-0
                                                                                        • Opcode ID: a00cf0b1ec4db13d273557ccddcb421bc2b4e8bce47aca48317bcbe3f147d040
                                                                                        • Instruction ID: 396224714b8a4190fe83c19a76c0c42df09760bad7d12460af1e5c5e9f772e20
                                                                                        • Opcode Fuzzy Hash: a00cf0b1ec4db13d273557ccddcb421bc2b4e8bce47aca48317bcbe3f147d040
                                                                                        • Instruction Fuzzy Hash: D2F0DFB2518B8086CA60EB55F88111FB7A4FBC9794F001225FACD83B29DF7CC1208F44
                                                                                        Function 000002733BE997D0 Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FileFindNext
                                                                                        • String ID:
                                                                                        • API String ID: 2029273394-0
                                                                                        • Opcode ID: 4177796e15072c585db232ab642f29accb6d05ea1f689265af403d42f2bb1474
                                                                                        • Instruction ID: 717fd8699d57096374660320536d5769cf14e439064b1728802eab6b9aebf898
                                                                                        • Opcode Fuzzy Hash: 4177796e15072c585db232ab642f29accb6d05ea1f689265af403d42f2bb1474
                                                                                        • Instruction Fuzzy Hash: B8C04C15F1E505C1E664BBBA6C4A2861694BF54700F8042A0C20C84150D92C82965691
                                                                                        Function 00007FF626BEA910 Relevance: 1.5, APIs: 1, Instructions: 9COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: allocator
                                                                                        • String ID:
                                                                                        • API String ID: 3447690668-0
                                                                                        • Opcode ID: 69c9719d4dd52abe98a264028dc470e26ea7d52536d19f2f10ff87e1f9baad59
                                                                                        • Instruction ID: 3df63913a5279f02becd880e8a4fd0994b3c731d0a6c4eaa1284c2b20c3f179b
                                                                                        • Opcode Fuzzy Hash: 69c9719d4dd52abe98a264028dc470e26ea7d52536d19f2f10ff87e1f9baad59
                                                                                        • Instruction Fuzzy Hash: E6C0C966A29B84C1CA04EB12F88100E7760F7C8BC1F809421EA9E43729DF28C0608B00
                                                                                        Function 000002733BE9B3C4 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: InfoNativeSystem
                                                                                        • String ID:
                                                                                        • API String ID: 1721193555-0
                                                                                        • Opcode ID: 5d96549d17151685d9874b2efd5e6665c09aeaad6767ec6861ada1b691878f94
                                                                                        • Instruction ID: eda5aba30bed3224d5181b29385bec63417c1bc2b45234399761854537b54a1a
                                                                                        • Opcode Fuzzy Hash: 5d96549d17151685d9874b2efd5e6665c09aeaad6767ec6861ada1b691878f94
                                                                                        • Instruction Fuzzy Hash: 14B09236A188C0C7C621FB08EC460497331FB94B0CFD00140E28D42A24CE2CCA2A8E40
                                                                                        Function 000002733BE7DEDC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocHeap
                                                                                        • String ID:
                                                                                        • API String ID: 4292702814-0
                                                                                        • Opcode ID: ad1b43cdb7c3550550fd4afa13c905d117ea5c1f34bfd66f5f885cc22fb7391c
                                                                                        • Instruction ID: 12633a23f204e74d528455e7c371e63feee2e3ece8e1b711927983196f74fd88
                                                                                        • Opcode Fuzzy Hash: ad1b43cdb7c3550550fd4afa13c905d117ea5c1f34bfd66f5f885cc22fb7391c
                                                                                        • Instruction Fuzzy Hash: 59F0A74131D24542FE78F7FA780E3E922905B44760F0897A07D7EC62C1DA2CC740B2D0
                                                                                        Function 00007FF626C264BC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • HeapAlloc.KERNEL32(?,?,00000028,00007FF626C35573,?,?,?,00007FF626BE10A8), ref: 00007FF626C264FA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocHeap
                                                                                        • String ID:
                                                                                        • API String ID: 4292702814-0
                                                                                        • Opcode ID: 31f5e82480b86c694179d874989cf1b3d096565e770f3be7cb9178f83f4d8f72
                                                                                        • Instruction ID: dcf7d6349862349369071f6c3afcb85a5389150d8145a8973178827ab9597781
                                                                                        • Opcode Fuzzy Hash: 31f5e82480b86c694179d874989cf1b3d096565e770f3be7cb9178f83f4d8f72
                                                                                        • Instruction Fuzzy Hash: F0F08250F0820746FE54777B9D1027921A05F487B0F186730DC6EC6ACADE1EE8408322
                                                                                        Function 00007FF626BE26C0 Relevance: 1.3, APIs: 1, Instructions: 17memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929734759.00007FF626BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF626BE0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1929716093.00007FF626BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626C4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929780439.00007FF626EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929930984.00007FF626F09000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1929951695.00007FF626F0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff626be0000_venomderek.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: bb55d3c25760e0320b4c92f21841f287c01ac31988aa5e77e6438427710fe636
                                                                                        • Instruction ID: 5621fc3fb768bfcaf1131298477aa18eab5d7d786d87de37454977692e0f370f
                                                                                        • Opcode Fuzzy Hash: bb55d3c25760e0320b4c92f21841f287c01ac31988aa5e77e6438427710fe636
                                                                                        • Instruction Fuzzy Hash: E0E0C976A18B8586DA20DB15E84031ABBB0F795785F600525EACD82B28CF7DC5648B40

                                                                                        Non-executed Functions

                                                                                        Function 000002733BE70D98 Relevance: 49.1, APIs: 25, Strings: 2, Instructions: 1888COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: memcpy_s$_invalid_parameter_noinfo
                                                                                        • String ID: $
                                                                                        • API String ID: 2880407647-227171996
                                                                                        • Opcode ID: df87294ae73204ead43c2230939cbb6a00851c436377c9d63da8146f7a05de15
                                                                                        • Instruction ID: 73b54f69c65c17059b87955890657d8e1959155c8c50700f863093c3037acdd9
                                                                                        • Opcode Fuzzy Hash: df87294ae73204ead43c2230939cbb6a00851c436377c9d63da8146f7a05de15
                                                                                        • Instruction Fuzzy Hash: D403E1727182C08FE775DF29E9457EA37A1F745388F00525AEA0AA7B88D735DB00DB81
                                                                                        Function 000002733BE643F0 Relevance: 34.3, APIs: 18, Strings: 1, Instructions: 1015stringmemorynativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize
                                                                                        • String ID: 0
                                                                                        • API String ID: 1424456515-4108050209
                                                                                        • Opcode ID: 32f950ddc635add2d1699f42f6a400c0ae9954aa12fa602d547c74856b1e7a01
                                                                                        • Instruction ID: f712de1dfeff121d014e077dea193f7b656c2b00e756b517ab621c21f9f509c6
                                                                                        • Opcode Fuzzy Hash: 32f950ddc635add2d1699f42f6a400c0ae9954aa12fa602d547c74856b1e7a01
                                                                                        • Instruction Fuzzy Hash: DAC2983662AF848AD790CF69E88169DB7B5F788B88F105219EECD57B18EF38C154C740
                                                                                        Function 000002733BDE6180 Relevance: 30.2, Strings: 24, Instructions: 238COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID: BOOTNXT$autorun.inf$boot.ini$boot.sdi$bootfont.bin$bootmgfw.efi$bootmgr$bootsect.bak$bootstat.dat$d3d9caps.dat$desktop.ini$gdipfontcachev1.dat$iconcache.db$indexervolumeguid$mib.bin$ntldr$ntuser.dat$ntuser.dat.log$ntuser.ini$reagent.xml$thumbs.db$winre.wim$winsipolicy.p7b$wpsettings.dat
                                                                                        • API String ID: 118556049-850610325
                                                                                        • Opcode ID: dea6d34053270f54165e7821960ee4cc20a6cc02140d0cf59d37aac2e2ba149c
                                                                                        • Instruction ID: 8913f38113693468eff70c0a6833ff10f0091b9785a9efbe1aea1c40cc422234
                                                                                        • Opcode Fuzzy Hash: dea6d34053270f54165e7821960ee4cc20a6cc02140d0cf59d37aac2e2ba149c
                                                                                        • Instruction Fuzzy Hash: 06C16853E64FC984E731DB39EC913E95321FBEA384F616306A94C66856EB68D3C4C780
                                                                                        Function 000002733BDE5DB0 Relevance: 25.2, Strings: 20, Instructions: 202COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID: #recycle$$recycle.bin$$windows.~bt$$windows.~ws$$winreagent$All users$AppData$Application Data$Boot$PerfLogs$Program Files$Program Files (x86)$ProgramData$System Volume Information$Windows$Windows.old$Windows.~bt$bootmgr$config.msi$ntldr
                                                                                        • API String ID: 118556049-2722463023
                                                                                        • Opcode ID: b349f0743e28fad41dd0cf6d04c419ecc5bc303b8eb5692233894048f4044c83
                                                                                        • Instruction ID: 2f46dc3a0e69354ec60483291bcb4e1918e2cb6e807402c62415f7e54a347e63
                                                                                        • Opcode Fuzzy Hash: b349f0743e28fad41dd0cf6d04c419ecc5bc303b8eb5692233894048f4044c83
                                                                                        • Instruction Fuzzy Hash: 34A16A53E64FC984E721DB39EC813E95321FBEA384F616306B58C66956EB68D3C4C780
                                                                                        Function 000002733BE2E320 Relevance: 24.1, APIs: 2, Strings: 11, Instructions: 1388COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID: #base$#include$No closed word$Unexpected eof$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                                                                        • API String ID: 118556049-1838291449
                                                                                        • Opcode ID: 1eae8de794e03fd13853270179dbff7d78e1c17fe90ce638cf8561d323380b6d
                                                                                        • Instruction ID: e231d4db12f75c105036c4ad04ee758a193e482ea5727d3e3bceb516b2ee8288
                                                                                        • Opcode Fuzzy Hash: 1eae8de794e03fd13853270179dbff7d78e1c17fe90ce638cf8561d323380b6d
                                                                                        • Instruction Fuzzy Hash: D9E28F62609BC485EB70EF29E8583DC23A1F749798F445252DA8D0FA99DF78C785E380
                                                                                        Function 000002733BE63CF0 Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 351nativelibraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Handle$Query$CloseInformationProcessSystem$AddressCurrentFinalModuleNameObjectOpenPathProc
                                                                                        • String ID: File$NtDuplicateObject$ntdll.dll
                                                                                        • API String ID: 2729825427-3955674919
                                                                                        • Opcode ID: e73f351450d56223bf4f72c0c3e8cb8fdb1fb8073cfcdec0185471134d98f972
                                                                                        • Instruction ID: 2813ef3589df1f1c604ef8e476f376129fe75ae669d3b186a6f8f086e51656b9
                                                                                        • Opcode Fuzzy Hash: e73f351450d56223bf4f72c0c3e8cb8fdb1fb8073cfcdec0185471134d98f972
                                                                                        • Instruction Fuzzy Hash: 20E1C763B18B4489FB20EB69E4183ED37B1E785B98F008251DE5D57B99DF38C649E380
                                                                                        Function 000002733BE4F040 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 218COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Initialize
                                                                                        • String ID: @
                                                                                        • API String ID: 2538663250-2766056989
                                                                                        • Opcode ID: 5d8e7ad81b0fcc374419499b8eac6586b7246bad0c5703c9b4cf51271faea9e0
                                                                                        • Instruction ID: 137929aca04e7eee2f791de7256311ab89293bed0da08df450c5a5f855fc86c2
                                                                                        • Opcode Fuzzy Hash: 5d8e7ad81b0fcc374419499b8eac6586b7246bad0c5703c9b4cf51271faea9e0
                                                                                        • Instruction Fuzzy Hash: 75A16B32B08A408AE720EF69E4587ED77A1FB88B88F004755DE5E53A94DF38C294D3C4
                                                                                        Function 000002733BE551E0 Relevance: 21.5, APIs: 1, Strings: 11, Instructions: 465COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ExecuteShell
                                                                                        • String ID: .cmd$.exe$.exe$.ps1$.vbs$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas
                                                                                        • API String ID: 587946157-4093014531
                                                                                        • Opcode ID: d4e8431afe3376545c53f37e1320ae35648a1dab89cf9caa113fe4c0557abcf9
                                                                                        • Instruction ID: 79742c3653cf858276c7b845fbca55420d12127b4cd099e01570d7242d9208ff
                                                                                        • Opcode Fuzzy Hash: d4e8431afe3376545c53f37e1320ae35648a1dab89cf9caa113fe4c0557abcf9
                                                                                        • Instruction Fuzzy Hash: B522B273A14B8085EB20EF28F8483DD37A1F785798F505356EA6D47AA9DF78C684D380
                                                                                        Function 000002733BE64740 Relevance: 16.6, APIs: 8, Strings: 1, Instructions: 839stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcatlstrcpy$Object$AcquireAllocateInitializeLockMemoryUninitializeVirtual
                                                                                        • String ID: 0
                                                                                        • API String ID: 3636535045-4108050209
                                                                                        • Opcode ID: 148f1cac526a25eedb59746f716de0c0cfa115320cfb54a3382c2084b1ee678e
                                                                                        • Instruction ID: 1401ede1d51750529cdf60296b62f0c745b2bd654d817248219bbbcbc7eada97
                                                                                        • Opcode Fuzzy Hash: 148f1cac526a25eedb59746f716de0c0cfa115320cfb54a3382c2084b1ee678e
                                                                                        • Instruction Fuzzy Hash: 90B2963662AFC48AD7908F69F88165EB7B4F788B88B106215FECD57B18EB38C154C740
                                                                                        Function 000002733BE5AE50 Relevance: 13.2, APIs: 2, Strings: 4, Instructions: 2695COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID: cannot compare iterators of different containers$cannot use push_back() with $type must be string, but is $value
                                                                                        • API String ID: 118556049-2711811579
                                                                                        • Opcode ID: bdac1862b3103ddd7eebdf4cf225da5ffd56aea09f18ced9723e213cf3d00643
                                                                                        • Instruction ID: 11018bdc34b39522551c0b51a4e18341a209eb923dda8de6084a2dcfff8c6933
                                                                                        • Opcode Fuzzy Hash: bdac1862b3103ddd7eebdf4cf225da5ffd56aea09f18ced9723e213cf3d00643
                                                                                        • Instruction Fuzzy Hash: 43536872604BC489EB70EF28E8843DD33A5F745798F509652DA9D5BA9AEF34C384D380
                                                                                        Function 000002733BE86F14 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                                                                                        • String ID: utf8
                                                                                        • API String ID: 3069159798-905460609
                                                                                        • Opcode ID: 4309449c26b629e9b6de698707476955217e9cbe9722d2e68f3c85218e94a805
                                                                                        • Instruction ID: caddb817527bea916d2f0afaf9585ede10dc08bdca8307772d3b6a4739476ec3
                                                                                        • Opcode Fuzzy Hash: 4309449c26b629e9b6de698707476955217e9cbe9722d2e68f3c85218e94a805
                                                                                        • Instruction Fuzzy Hash: CB91AC32208B548AEB35FF69F8493D923A4EB44F81F4482A59E5D87B95DB38C651F3C0
                                                                                        Function 000002733BE8795C Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                        • String ID:
                                                                                        • API String ID: 2591520935-0
                                                                                        • Opcode ID: 5eb0d27aa7dc3a9912447742f13a9ce850b1caaedf69b48f01ffc0c9247ee539
                                                                                        • Instruction ID: 847f52b61a5241eeaa2636f3ecb27d894f9d3c564528bd539db89b9951277d01
                                                                                        • Opcode Fuzzy Hash: 5eb0d27aa7dc3a9912447742f13a9ce850b1caaedf69b48f01ffc0c9247ee539
                                                                                        • Instruction Fuzzy Hash: 2871AE22708A208AFB31FB68E8587EC37A1BB44B45F4446958E1D93795EB38CB45F3D0
                                                                                        Function 000002733BE44710 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 410COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: __std_exception_destroy
                                                                                        • String ID: value
                                                                                        • API String ID: 2453523683-494360628
                                                                                        • Opcode ID: d8079469438c76c455d78d95ed1c5fb7a9ae88cd4ed4e617ee21c392c85c9ee3
                                                                                        • Instruction ID: 9de941b250da5df071380d4dc1a56649f13a9837f6c3ff8f3c85f7a77f9fe18f
                                                                                        • Opcode Fuzzy Hash: d8079469438c76c455d78d95ed1c5fb7a9ae88cd4ed4e617ee21c392c85c9ee3
                                                                                        • Instruction Fuzzy Hash: 78028023618BC085EB20EB78E4883DD6761E7857A4F505345FAAD46AEADF78C285D380
                                                                                        Function 000002733BE6F920 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 1239891234-0
                                                                                        • Opcode ID: c7f70f128318b326f672a7b0d6647dc5eb587961ea58d1b4d09a7c2ba848fd84
                                                                                        • Instruction ID: 69294fc8e5774aa94c573d751a352c2795c8d29c041eba812c19b1cfd2c18c52
                                                                                        • Opcode Fuzzy Hash: c7f70f128318b326f672a7b0d6647dc5eb587961ea58d1b4d09a7c2ba848fd84
                                                                                        • Instruction Fuzzy Hash: AB316D32208F8086DB60DF29F8543DE77A4F788758F500256EA9D83BA9DF38C255CB80
                                                                                        Function 000002733BE19090 Relevance: 8.4, Strings: 6, Instructions: 916COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: content$directory_iterator::directory_iterator$exists$filename$files$key
                                                                                        • API String ID: 0-2980817763
                                                                                        • Opcode ID: 833d3c7573def018ecc169852d0d824ba7ec02980bf308f9684f5db428169dd9
                                                                                        • Instruction ID: a527d82c5cc210697095804116ea88d6f071e51f9775dc1390315a1335c51667
                                                                                        • Opcode Fuzzy Hash: 833d3c7573def018ecc169852d0d824ba7ec02980bf308f9684f5db428169dd9
                                                                                        • Instruction Fuzzy Hash: D5A23772615BC489DB30EF28E8883DD73A4F799758F505715EAAD0BA99EB74C380D380
                                                                                        Function 000002733BE17B8D Relevance: 7.4, Strings: 5, Instructions: 1142COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: config$content$filename$status$users
                                                                                        • API String ID: 0-2677590375
                                                                                        • Opcode ID: f539712530b03446ac0b0426c38f7a64498a735a0b888b08579129151238c1ba
                                                                                        • Instruction ID: 67b2ad6baf973966f1d3123528061c01b98dbdd03de30ac712dccc525c90255f
                                                                                        • Opcode Fuzzy Hash: f539712530b03446ac0b0426c38f7a64498a735a0b888b08579129151238c1ba
                                                                                        • Instruction Fuzzy Hash: 2AC25F62614BC489DB30EF39E8483DD63A1F789798F505352DA9D4BA9AEF38C744D380
                                                                                        Function 000002733BE9BB14 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 000002733BE9BB97
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                        • API String ID: 389471666-631824599
                                                                                        • Opcode ID: e8ffe009acab376759065dd43441e42d099b308a5e20a56206d0bc25ee25ae09
                                                                                        • Instruction ID: 1d5d293278318b6a6540fcdfddbe4eb7fbf5da18cad944f0100dc9825650e4af
                                                                                        • Opcode Fuzzy Hash: e8ffe009acab376759065dd43441e42d099b308a5e20a56206d0bc25ee25ae09
                                                                                        • Instruction Fuzzy Hash: 67117032719B40A7F724EB2AF6983E933A4FB44344F404265C64D83A95EF38D6B8D790
                                                                                        Function 000002733BE102E0 Relevance: 7.0, Strings: 5, Instructions: 747COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
                                                                                        • String ID: content$directory_iterator::directory_iterator$exists$filename$status
                                                                                        • API String ID: 3645842244-3429737954
                                                                                        • Opcode ID: 2bd8e771037fae78b4a7704eae2c65f1f390640e78d4026f0107fdfd41d83f2b
                                                                                        • Instruction ID: bb68f81b390c724ebc8213bc7e3dd4c3f5719db616c0cb6238491b596cb46515
                                                                                        • Opcode Fuzzy Hash: 2bd8e771037fae78b4a7704eae2c65f1f390640e78d4026f0107fdfd41d83f2b
                                                                                        • Instruction Fuzzy Hash: 38727F32605BC489EB71EF39E8843DD6360F789798F549311DA8D47AAAEF74C684D380
                                                                                        Function 000002733BE77348 Relevance: 6.1, APIs: 4, Instructions: 83memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Virtual$AllocInfoProtectQuerySystem
                                                                                        • String ID:
                                                                                        • API String ID: 3562403962-0
                                                                                        • Opcode ID: 324fd5cd604fef47d1152131e1f7c01459585a6c12e9a2e3e67a5e0172bc20d3
                                                                                        • Instruction ID: e27b04fcc33e3e72d434f0e10d1a4a3eb4dd99acd03f6a48c0b28c4b65471aec
                                                                                        • Opcode Fuzzy Hash: 324fd5cd604fef47d1152131e1f7c01459585a6c12e9a2e3e67a5e0172bc20d3
                                                                                        • Instruction Fuzzy Hash: E5316F32314A809EDB20DF35E8587D937A5F748B88F544125EE4D87B58DF38D645E780
                                                                                        Function 000002733BE8DC18 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                        • String ID:
                                                                                        • API String ID: 2933794660-0
                                                                                        • Opcode ID: f06392d29159ea5021ae0933302a5494cfde722d0989828b5d6bd782ea4d1856
                                                                                        • Instruction ID: acca0e27b4797934073b2dcd3129aa73f8c2150453125b2fe47418c44e8d476d
                                                                                        • Opcode Fuzzy Hash: f06392d29159ea5021ae0933302a5494cfde722d0989828b5d6bd782ea4d1856
                                                                                        • Instruction Fuzzy Hash: 64112A26B19F008AEB10EF64EC593E833A4F759758F441E25EE6D867A4DF78C2549380
                                                                                        Function 000002733BE48950 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 376COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: __std_exception_copy
                                                                                        • String ID: parse_error$value
                                                                                        • API String ID: 592178966-1739288027
                                                                                        • Opcode ID: 39d835905aa6b7c2ed12fb8f3e31f8b5b762354f030d9cb89747d84211925f6d
                                                                                        • Instruction ID: 201e7753f1036f35c38e09899a510608003fd0b3aba7479aba881bec3ce5ac3d
                                                                                        • Opcode Fuzzy Hash: 39d835905aa6b7c2ed12fb8f3e31f8b5b762354f030d9cb89747d84211925f6d
                                                                                        • Instruction Fuzzy Hash: BEF12962B18A8085EB20EF78F8593DD2362F795798F505342EA5C53ADADF78C684D3C0
                                                                                        Function 000002733BE1A1F0 Relevance: 5.6, Strings: 4, Instructions: 609COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: content$directory_iterator::directory_iterator$exists$filename
                                                                                        • API String ID: 0-1400943384
                                                                                        • Opcode ID: 4bd146e3f36fd3e06c7fbe5575cde876809c13f6274d8d983ab17c912c2d9fa6
                                                                                        • Instruction ID: 2da8ce88ca9137b16870a2e2986112e6b7737bccdf9e32ce27add0a95c35935e
                                                                                        • Opcode Fuzzy Hash: 4bd146e3f36fd3e06c7fbe5575cde876809c13f6274d8d983ab17c912c2d9fa6
                                                                                        • Instruction Fuzzy Hash: 88527D72618BC489EB20EF29E8443ED73A1F789798F505311EA9D47B99EF78C644D380
                                                                                        Function 000002733BE6B68A Relevance: 5.6, Strings: 4, Instructions: 563COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: __std_exception_destroy
                                                                                        • String ID: array$object$object key$object separator
                                                                                        • API String ID: 2453523683-2277530871
                                                                                        • Opcode ID: 43f70c2747cb064c93220a075d88978496723fb5864f4b085be8b831dc7a4b29
                                                                                        • Instruction ID: c853c7a65ab766278d22aeeddd61f9bc580ec52499ec3d84b47622b4a0b230a7
                                                                                        • Opcode Fuzzy Hash: 43f70c2747cb064c93220a075d88978496723fb5864f4b085be8b831dc7a4b29
                                                                                        • Instruction Fuzzy Hash: C932F86262CA8496EB20FF38E4493ED6361F796784F802752EA4D4769AEF74C744D3C0
                                                                                        Function 000002733BE819B8 Relevance: 5.5, APIs: 3, Instructions: 1005COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 1286766494-0
                                                                                        • Opcode ID: 3362572290862af57679fdc4baef7ebaaf60df3fe4e64099d27ff34f0326e21c
                                                                                        • Instruction ID: 8539e98f91f13f7aa30448969d1cf00512b1550f2354a0df5cc4c94123682a01
                                                                                        • Opcode Fuzzy Hash: 3362572290862af57679fdc4baef7ebaaf60df3fe4e64099d27ff34f0326e21c
                                                                                        • Instruction Fuzzy Hash: 2C92D337608A4086EB74EF28E5583E937A1F749F86F144295DB8D87B94DB39CA10E3C1
                                                                                        Function 000002733BE99480 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FormatInfoLocaleMessage
                                                                                        • String ID: !x-sys-default-locale
                                                                                        • API String ID: 4235545615-2729719199
                                                                                        • Opcode ID: f19c835850623712fbca22d426e0c2013945c380ca8add72a55f3f09a2f97b50
                                                                                        • Instruction ID: bcaa18581c9a2854d21d87e4d75ba3b12c44136e2215fb574a08edef1ffe3d48
                                                                                        • Opcode Fuzzy Hash: f19c835850623712fbca22d426e0c2013945c380ca8add72a55f3f09a2f97b50
                                                                                        • Instruction Fuzzy Hash: 64018072B0878082E731DB16F458BDA77A1F384784F444265DA8D46B94CB3CC644D780
                                                                                        Function 000002733BE72CD0 Relevance: 4.8, APIs: 3, Instructions: 340COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: memcpy_s
                                                                                        • String ID:
                                                                                        • API String ID: 1502251526-0
                                                                                        • Opcode ID: e899307af8ea146bffc4d3d3e4071cf966dfaa801a3502f7d3bb1face14528cf
                                                                                        • Instruction ID: 95680927bad3c0742a88d3d8b918976a6526ed9092da4deaa095e6a3b749b1cc
                                                                                        • Opcode Fuzzy Hash: e899307af8ea146bffc4d3d3e4071cf966dfaa801a3502f7d3bb1face14528cf
                                                                                        • Instruction Fuzzy Hash: 87C1267271828587EB74DF19F049BAAB7A1F385B84F448325EB4E47744DB39DA01DB80
                                                                                        Function 000002733BE873D8 Relevance: 4.7, APIs: 3, Instructions: 167COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 1791019856-0
                                                                                        • Opcode ID: 90d945be40b20d5b5a3c3d7ca8cbaa30e5ffd7f5627642ea07c20393f480da84
                                                                                        • Instruction ID: 9b454a990885861a22375fd91e8e5e0cd05888dd211e89eeee020f1aafabe6e7
                                                                                        • Opcode Fuzzy Hash: 90d945be40b20d5b5a3c3d7ca8cbaa30e5ffd7f5627642ea07c20393f480da84
                                                                                        • Instruction Fuzzy Hash: 2061C232208A518AEB34EF19F5443D973A1F794B42F448265CBAED36D1DB38CA51E7C0
                                                                                        Function 000002733BE506A6 Relevance: 4.4, Strings: 3, Instructions: 653COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 2OWqJZldB3s=$port$rXwr2/Mp0kvTmn+hdCWeFmDWltFpcKXkn/UOvH+3cNE=
                                                                                        • API String ID: 0-1454942929
                                                                                        • Opcode ID: ba2a10dd3913f3c332fd5c3c90ebe30a568b94afc7d9096fa0730c63614e1e9a
                                                                                        • Instruction ID: 99b0add7a8d9843864a116a802740c3f2ac9809dc73857efc01a71428470e754
                                                                                        • Opcode Fuzzy Hash: ba2a10dd3913f3c332fd5c3c90ebe30a568b94afc7d9096fa0730c63614e1e9a
                                                                                        • Instruction Fuzzy Hash: B2724D62629BC485EA70DB29F4443DAB3A4F7D9784F506316EBCD13B59EB38C285CB40
                                                                                        Function 000002733BE7E6F8 Relevance: 3.9, Strings: 3, Instructions: 144COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: -$e+000$gfff
                                                                                        • API String ID: 0-2620144452
                                                                                        • Opcode ID: 98053ffb1976fa170abe9b1bb0e1772ad042855cb6c6921980abe163712f36bc
                                                                                        • Instruction ID: 3ab80afbf6a4099c1a8ccefd64899ca63414a4a3a159ddbf10c09eabc9e8f716
                                                                                        • Opcode Fuzzy Hash: 98053ffb1976fa170abe9b1bb0e1772ad042855cb6c6921980abe163712f36bc
                                                                                        • Instruction Fuzzy Hash: 715158227186C847F734DF3DE80A7997B95E344B94F0883A1EBA84BAC5CB39C6459740
                                                                                        Function 000002733BE16130 Relevance: 3.9, Strings: 2, Instructions: 1357COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Software$exists
                                                                                        • API String ID: 0-2364128853
                                                                                        • Opcode ID: 761ced2a65119f44101c2f14138bdfa80631db8d7e5de70251e0e18ca2b171f4
                                                                                        • Instruction ID: 9f9359f73af267f25e77d830ee5e42db3d0dc363184b12c5b8f7d08299f9b807
                                                                                        • Opcode Fuzzy Hash: 761ced2a65119f44101c2f14138bdfa80631db8d7e5de70251e0e18ca2b171f4
                                                                                        • Instruction Fuzzy Hash: 71D28F72A14BC48AEB20DF29E8443DD73A0F789B98F205311EA9D57B99DF74C681D380
                                                                                        Function 000002733BE286D0 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 311COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID: vector<bool> too long
                                                                                        • API String ID: 118556049-842332957
                                                                                        • Opcode ID: 5e5dad2012ea5acabc522e9de574ed675c6e8c918c03473d29ea86333b560bd6
                                                                                        • Instruction ID: 3190f11d8a4555b21f2281523336b80b238949e59261f205e7902b6e0a2a57a9
                                                                                        • Opcode Fuzzy Hash: 5e5dad2012ea5acabc522e9de574ed675c6e8c918c03473d29ea86333b560bd6
                                                                                        • Instruction Fuzzy Hash: 4EC1E323A18B8489EB20EF29E8043ED7360F799798F145352EE9C17B99DF34D681D780
                                                                                        Function 000002733BE2E130 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 310COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID: conditional not closed
                                                                                        • API String ID: 118556049-2481790218
                                                                                        • Opcode ID: a092b3c905e44d2a0e2adb6f822cad285ab4fe952a7320ad46965cb85d2a1130
                                                                                        • Instruction ID: 916bcb9b3c61c36515f86776862cb19471b5985ea27409a91403674d2a735136
                                                                                        • Opcode Fuzzy Hash: a092b3c905e44d2a0e2adb6f822cad285ab4fe952a7320ad46965cb85d2a1130
                                                                                        • Instruction Fuzzy Hash: 6DD19032609B9884EB30EF28F8443ED77A4F759784F515352EA8D0BB99DB78C680D380
                                                                                        Function 000002733BE7C1A8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: InfoLocale
                                                                                        • String ID: GetLocaleInfoEx
                                                                                        • API String ID: 2299586839-2904428671
                                                                                        • Opcode ID: 0fc81d44bec917c2802c26d4724ac6a513cb7d03bb6cf24fcfbb40603345bdc0
                                                                                        • Instruction ID: bfe2e4e3b8e17e91ae01249697c9ebc0ac884ff071b54e4a4786397d5c6a94ca
                                                                                        • Opcode Fuzzy Hash: 0fc81d44bec917c2802c26d4724ac6a513cb7d03bb6cf24fcfbb40603345bdc0
                                                                                        • Instruction Fuzzy Hash: 2D01A72170CA9086EB10EB5EB4082CAA764EB84BD0F544266EF4D03B55CE3CC74197C0
                                                                                        Function 000002733BE56760 Relevance: 3.4, APIs: 2, Instructions: 391COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ExecuteFileModuleNameShell
                                                                                        • String ID:
                                                                                        • API String ID: 1703432166-0
                                                                                        • Opcode ID: 2b440cbbc29e2f737a28ae711106fe06bd577105ffad854fe73dfa4e0e149c9e
                                                                                        • Instruction ID: 0dddbfb3c0adfb426a40b69ce312910a2dff84dda7fba5030e3e51ff5cda8ac3
                                                                                        • Opcode Fuzzy Hash: 2b440cbbc29e2f737a28ae711106fe06bd577105ffad854fe73dfa4e0e149c9e
                                                                                        • Instruction Fuzzy Hash: 71121A72629FC48AEB50CF29E88469EB3A4F788798F505215FEDD57B58EB38C250C740
                                                                                        Function 000002733BE7F7F4 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ExceptionRaise_clrfp
                                                                                        • String ID:
                                                                                        • API String ID: 15204871-0
                                                                                        • Opcode ID: 57a16f90b848e9bfce21c4af82cc5806e79d9fd20c8b8e6b755f3e4c735a4a33
                                                                                        • Instruction ID: dbb7ca100a008a5bb214b79e82f562ebd642e44fc4c38d3cdb12bc09e1018345
                                                                                        • Opcode Fuzzy Hash: 57a16f90b848e9bfce21c4af82cc5806e79d9fd20c8b8e6b755f3e4c735a4a33
                                                                                        • Instruction Fuzzy Hash: B0B14E73604B848BEB25DF2DD44A39C7BA0F384B48F158A51EBAD877A8CB39C551D780
                                                                                        Function 000002733BE8A438 Relevance: 3.2, APIs: 2, Instructions: 208COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorHeapLast_invalid_parameter_noinfo$AllocFree
                                                                                        • String ID:
                                                                                        • API String ID: 749460637-0
                                                                                        • Opcode ID: e4bbda4b5f8ad799fda78e60f613521156d14bb6a0c8542167753a01ce82eeb7
                                                                                        • Instruction ID: e1a33de5570a956f1b2cc2bb6c78c17a02ddbf6f9f5df86051fff0cc59b36022
                                                                                        • Opcode Fuzzy Hash: e4bbda4b5f8ad799fda78e60f613521156d14bb6a0c8542167753a01ce82eeb7
                                                                                        • Instruction Fuzzy Hash: 65613B21309A4142F731EF2EB4197DE7391BB84FC1F44A665AE4D87B89EE38C641A7C0
                                                                                        Function 000002733BE60500 Relevance: 3.2, APIs: 2, Instructions: 187COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: DevicesDisplayEnum
                                                                                        • String ID:
                                                                                        • API String ID: 2211661463-0
                                                                                        • Opcode ID: dae9a20b671f3fdb57962e76ab31133efb3a4fe43fd7e5f46b885fb615cc4ba8
                                                                                        • Instruction ID: 3e6ca2dbc67744136fbba2a32f55985fafb1c4cd353bb7ac705d4ccce211ef55
                                                                                        • Opcode Fuzzy Hash: dae9a20b671f3fdb57962e76ab31133efb3a4fe43fd7e5f46b885fb615cc4ba8
                                                                                        • Instruction Fuzzy Hash: 5E81DD32618B8086E720DB29F8487DE77A4F388798F505315EE9C17B99DF78D680DB80
                                                                                        Function 000002733BE15EE0 Relevance: 3.1, APIs: 2, Instructions: 145encryptionCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CryptDataFreeLocalUnprotect
                                                                                        • String ID:
                                                                                        • API String ID: 1561624719-0
                                                                                        • Opcode ID: 60ba65b85ff1364b8bbb854b1ddae10ed61528731cf39e516168ca6a7b136fbf
                                                                                        • Instruction ID: 61f2da1c2f7ca74215a7cec4705d7e1f40cd06b936717788eb23afc5f2743ad9
                                                                                        • Opcode Fuzzy Hash: 60ba65b85ff1364b8bbb854b1ddae10ed61528731cf39e516168ca6a7b136fbf
                                                                                        • Instruction Fuzzy Hash: 51618E32B18B808AF720EF78E4443DD73A5E75878CF108255EA8D16B89DB78C694E380
                                                                                        Function 000002733BE521C0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CryptDataFreeLocalProtect
                                                                                        • String ID:
                                                                                        • API String ID: 2714945720-0
                                                                                        • Opcode ID: 6da8b2380d1e6afdbe15ad09ed0a82a6e20629f9e1f2d0947d1afcdde56a6e99
                                                                                        • Instruction ID: bf459aeb90c002bf97cef2e0f92c107b35d81826b832a8753a89b68a1b04b37f
                                                                                        • Opcode Fuzzy Hash: 6da8b2380d1e6afdbe15ad09ed0a82a6e20629f9e1f2d0947d1afcdde56a6e99
                                                                                        • Instruction Fuzzy Hash: 32415A33618B80CAE320DF78E4443DD37A4F75978CF044269AA8C06E8ADB79C6A4D384
                                                                                        Function 000002733BE528C0 Relevance: 3.0, Strings: 2, Instructions: 529COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: %$+
                                                                                        • API String ID: 0-2626897407
                                                                                        • Opcode ID: 47481408fe68075db2785b5e844cff1b171eed9e7e7d6e8885d4ee60d43f52b6
                                                                                        • Instruction ID: 57e317a89b6fdf4d9cafe164719758b43e5e1ea345407f951b87f6a18348c70e
                                                                                        • Opcode Fuzzy Hash: 47481408fe68075db2785b5e844cff1b171eed9e7e7d6e8885d4ee60d43f52b6
                                                                                        • Instruction Fuzzy Hash: 55224723B18A848AFB31DB68F4543ED67A1E755788F044352DE4D17BD9DB38C685E380
                                                                                        Function 000002733BE829F4 Relevance: 2.9, Strings: 2, Instructions: 358COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: a/p$am/pm
                                                                                        • API String ID: 0-3206640213
                                                                                        • Opcode ID: 84aeccd4d3097aa3e4106772785546d072a9ec9c45404e341c4189bc1fea45af
                                                                                        • Instruction ID: 300b56a40df95a61ea0fc6fac965a1ed4ad795b1e95948e12e4d2123641893c5
                                                                                        • Opcode Fuzzy Hash: 84aeccd4d3097aa3e4106772785546d072a9ec9c45404e341c4189bc1fea45af
                                                                                        • Instruction Fuzzy Hash: 1BE1B122A08A4085E779EF5CE51C7F923A1F750B86F554386EA0E87AD4DB38CB41E3C4
                                                                                        Function 000002733BE0FEE0 Relevance: 2.7, Strings: 2, Instructions: 226COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: dumps$emoji
                                                                                        • API String ID: 0-2873254224
                                                                                        • Opcode ID: f7c1d0fb9677e435d25e24cad687abe55fd77fc57aacf0daad7dd5b9b370ae1b
                                                                                        • Instruction ID: dd3564d6a2bfe05f66a18c405d0274a3bebb0f59512bb8945f6d0b65a252a2a2
                                                                                        • Opcode Fuzzy Hash: f7c1d0fb9677e435d25e24cad687abe55fd77fc57aacf0daad7dd5b9b370ae1b
                                                                                        • Instruction Fuzzy Hash: 9FB12D22928FC486D761CB29F88069AB7A4F799784F546315FECD13B59DB38C290CB40
                                                                                        Function 000002733BE355B0 Relevance: 2.0, APIs: 1, Instructions: 455COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 4b36fa1ee17c00e8d4283eaa3040d7c0ce3822ad195cc72d12b51e8c60e25bb5
                                                                                        • Instruction ID: 2e64d3b3ff68ebb4bb8cb2b5b7fc49ade7a4847151477c0ad324d7a7088fa635
                                                                                        • Opcode Fuzzy Hash: 4b36fa1ee17c00e8d4283eaa3040d7c0ce3822ad195cc72d12b51e8c60e25bb5
                                                                                        • Instruction Fuzzy Hash: 9F02EF62705B8485EB21EF6AE0483DE73B1E348B98F449652DFAC17795EF38C685C380
                                                                                        Function 000002733BE84D78 Relevance: 1.9, APIs: 1, Instructions: 373COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Info
                                                                                        • String ID:
                                                                                        • API String ID: 1807457897-0
                                                                                        • Opcode ID: ebd1e3fd5c9ef18ab74b8e9e539302d76e319a11c17bfe9c3af0665a03d7a06d
                                                                                        • Instruction ID: 413b8cfc2eb3371be8ddebe18b5f8fe2695ce607456e4d48fcb8f010e8b16c28
                                                                                        • Opcode Fuzzy Hash: ebd1e3fd5c9ef18ab74b8e9e539302d76e319a11c17bfe9c3af0665a03d7a06d
                                                                                        • Instruction Fuzzy Hash: 0612BC22A08BC486E761DF3CA4193ED73A4F758B49F459355EB9C82692EF74D281D380
                                                                                        Function 000002733BE854E8 Relevance: 1.8, APIs: 1, Instructions: 337COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a1d4f562fad0ae8194edac45898e7cb718dfe290c275f32723fdee9f334670f5
                                                                                        • Instruction ID: 66270191529e3a108c226870d833ed6a25d3e2a2d73955d53dbd12dcf6c27330
                                                                                        • Opcode Fuzzy Hash: a1d4f562fad0ae8194edac45898e7cb718dfe290c275f32723fdee9f334670f5
                                                                                        • Instruction Fuzzy Hash: F3E18032608F8486EB20EB65F4456EE77A4F794B88F4046229F9D93B56EF38C345D380
                                                                                        Function 000002733BE4CF70 Relevance: 1.7, APIs: 1, Instructions: 232COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: c06b593c725dc07872aa154df743db2783a7f6756c4fde3946b93bd7402ecb75
                                                                                        • Instruction ID: 12bda1af36134e47ad14cfb15d0730a9ee59037588e1b90986b38dfb4a4dd2e1
                                                                                        • Opcode Fuzzy Hash: c06b593c725dc07872aa154df743db2783a7f6756c4fde3946b93bd7402ecb75
                                                                                        • Instruction Fuzzy Hash: 91A1BA22709B9889FB10DBA9E4843EC37B0F359B48F548656DF8E53B59DB38C691D380
                                                                                        Function 000002733BE4CC50 Relevance: 1.7, APIs: 1, Instructions: 221COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 50a55a3ba420cf9c46d51042fa6837dcd9d920783ad03091e359f59e14185712
                                                                                        • Instruction ID: a312aeda0cd9b90d5edbe121f20cf5f5704ce1e33f35727b1c159429979d808a
                                                                                        • Opcode Fuzzy Hash: 50a55a3ba420cf9c46d51042fa6837dcd9d920783ad03091e359f59e14185712
                                                                                        • Instruction Fuzzy Hash: DFA1CB22709BA889FB20CB69E4843EC37B0F359B48F548656DF8D53B59DB38C291D380
                                                                                        Function 000002733BE4C930 Relevance: 1.7, APIs: 1, Instructions: 221COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: f00762eceee1fdbe069b05ad4d53d399861816b59c8adad253d3f5e0714af0d5
                                                                                        • Instruction ID: e409957f09791bdad4dd12fbc907dd4813c4e023c4b633e4d9b855dc9d9344fa
                                                                                        • Opcode Fuzzy Hash: f00762eceee1fdbe069b05ad4d53d399861816b59c8adad253d3f5e0714af0d5
                                                                                        • Instruction Fuzzy Hash: A0A1AC22709BA889EB20DB6AE4843EC7770F358B48F548656CF8D57B55DB38C291D390
                                                                                        Function 000002733BE4C600 Relevance: 1.7, APIs: 1, Instructions: 220COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: f77224b4a8fa35b9d78d45c826c3399db25f702fe04158d418ed51350959cbf1
                                                                                        • Instruction ID: 62aed1805406f837477f9c76e9bfd07f025da98c4222cab81d586d4ca926c0e4
                                                                                        • Opcode Fuzzy Hash: f77224b4a8fa35b9d78d45c826c3399db25f702fe04158d418ed51350959cbf1
                                                                                        • Instruction Fuzzy Hash: 7DA1A922B19BA889EB10CBBAE4843EC37B0F359B48F548256DF8D57B55DB38D191D380
                                                                                        Function 000002733BE4C300 Relevance: 1.7, APIs: 1, Instructions: 214COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 2fa0959a887917298f33a60bd5e688b3df7c74c0dc06e6495990c16b151b7d2a
                                                                                        • Instruction ID: d65cff17f9ddd8240a2c0af90046de7a39278af16567f5f6a7ad82cb97062ba1
                                                                                        • Opcode Fuzzy Hash: 2fa0959a887917298f33a60bd5e688b3df7c74c0dc06e6495990c16b151b7d2a
                                                                                        • Instruction Fuzzy Hash: 3BA1BC22709BA889EB20DB69E4843EC37B0F319B48F548656CF8D57B95DB38C290D390
                                                                                        Function 000002733BE4D2A0 Relevance: 1.7, APIs: 1, Instructions: 210COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 7b2aa9d5b68e4baef185b3c85445150f1967f249de06819966022115a2a2ec44
                                                                                        • Instruction ID: 56fab9f8205fc3355c45f243e0c4e1c741b0711c24540b21a1ec79d3ff3c9863
                                                                                        • Opcode Fuzzy Hash: 7b2aa9d5b68e4baef185b3c85445150f1967f249de06819966022115a2a2ec44
                                                                                        • Instruction Fuzzy Hash: B2A18822609B9889EB20DBA9E4883EC37B0F359B48F548556CF8D57B95DF38C690D380
                                                                                        Function 000002733BE87620 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorLastValue$InfoLocale
                                                                                        • String ID:
                                                                                        • API String ID: 673564084-0
                                                                                        • Opcode ID: 1d8e405bb44b78bdea7029598407ccfb6a808eb35fd889ed9364ebfb982fc4a2
                                                                                        • Instruction ID: 19deb41378311e072664618be0171635381e3f838b2370b1e71f921ff766faab
                                                                                        • Opcode Fuzzy Hash: 1d8e405bb44b78bdea7029598407ccfb6a808eb35fd889ed9364ebfb982fc4a2
                                                                                        • Instruction Fuzzy Hash: F431C332608B8186EB34EB2EF4453DA73A1F794B82F4482659A4DC3295DF38CA41F7C0
                                                                                        Function 000002733BE87270 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                        • String ID:
                                                                                        • API String ID: 3029459697-0
                                                                                        • Opcode ID: 58800bb6c4d0d9c609f2f6f306793987a7a581936cd52f064e9451565f60872b
                                                                                        • Instruction ID: ef7df8d3cbeb7eca5575777d8de7cae7f38d6c2a73aaca540f38d1c7f29ba555
                                                                                        • Opcode Fuzzy Hash: 58800bb6c4d0d9c609f2f6f306793987a7a581936cd52f064e9451565f60872b
                                                                                        • Instruction Fuzzy Hash: 5D11E7A3A18A548AEB35EF2AE0847D97BA0F750FE1F444215D659873D4CA34C6D1E7C0
                                                                                        Function 000002733BE39A10 Relevance: 1.6, Strings: 1, Instructions: 304COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: .
                                                                                        • API String ID: 0-248832578
                                                                                        • Opcode ID: c186bb128fa46274ed6aa0f5693762bd7565d34954179943d2f20e1eed1b66ee
                                                                                        • Instruction ID: ca4c619adeda6a2915ec48f1eb3d7914c80152e119f4741158204717e9d224e1
                                                                                        • Opcode Fuzzy Hash: c186bb128fa46274ed6aa0f5693762bd7565d34954179943d2f20e1eed1b66ee
                                                                                        • Instruction Fuzzy Hash: 86C1813A208B8486EB70EF2EE4483E963E1F748794F945351EA9E43794DF78CA41D390
                                                                                        Function 000002733BE87340 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                        • String ID:
                                                                                        • API String ID: 3029459697-0
                                                                                        • Opcode ID: fd6ab9fb082eedb8b2c8f5dae22463227a7604b7e6560a2cecb061507bc0ecca
                                                                                        • Instruction ID: 9f36327fadea799f341c5848f1f9b4645c53c7daee92f5fd776af2bb4eee8f34
                                                                                        • Opcode Fuzzy Hash: fd6ab9fb082eedb8b2c8f5dae22463227a7604b7e6560a2cecb061507bc0ecca
                                                                                        • Instruction Fuzzy Hash: 0701B56271CA9086E720AF19F4487DDB6A1E740FA6F458361DA69872C4C7748681B7C1
                                                                                        Function 000002733BE4F1B5 Relevance: 1.5, APIs: 1, Instructions: 34comCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: BlanketCreateInstanceProxy
                                                                                        • String ID:
                                                                                        • API String ID: 1899829610-0
                                                                                        • Opcode ID: a787f5c70b0da52dd39980db2e05650dfd34504bfd18cc3456a54f99b4034af6
                                                                                        • Instruction ID: 4b33712bd5ba2510e6a88238081c5c9cc6998e9e2df8075dbeb495a1784ecc99
                                                                                        • Opcode Fuzzy Hash: a787f5c70b0da52dd39980db2e05650dfd34504bfd18cc3456a54f99b4034af6
                                                                                        • Instruction Fuzzy Hash: 64018623709A5086FB31EB69F4053ED67B1AB49B58F4007968E4D43A55DF38C285D3C4
                                                                                        Function 000002733BE7BC68 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: EnumLocalesSystem
                                                                                        • String ID:
                                                                                        • API String ID: 2099609381-0
                                                                                        • Opcode ID: f8325550294e071d185dd7c07cc84b153cedbfbab89d167ada8b5b9da10e3d51
                                                                                        • Instruction ID: 035d04043bde9c3cd5eb5c0ca02d314ff38aff0527425ca62f1b94c967945668
                                                                                        • Opcode Fuzzy Hash: f8325550294e071d185dd7c07cc84b153cedbfbab89d167ada8b5b9da10e3d51
                                                                                        • Instruction Fuzzy Hash: C5F03C76708A4483E724EB29F8992D97762F798B80F54A165EA4D83365CE3CC651A380
                                                                                        Function 000002733BE87F00 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: HeapProcess
                                                                                        • String ID:
                                                                                        • API String ID: 54951025-0
                                                                                        • Opcode ID: 2bd217787b85c097b3ccba094d4d30ef76119dd789487d52041f712bc5b72eb7
                                                                                        • Instruction ID: bfc61d9dcf92a3e81373103895cf3d8a8f4eb1c705334fe9970d08547e58498b
                                                                                        • Opcode Fuzzy Hash: 2bd217787b85c097b3ccba094d4d30ef76119dd789487d52041f712bc5b72eb7
                                                                                        • Instruction Fuzzy Hash: 20B09220E0BA55D6EA18BB156C8A34423A4BB48B10F884598800C41720DB2C02A56790
                                                                                        Function 000002733BE083D0 Relevance: .8, Instructions: 795COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b9b8fdb5bbf29e83ba46770476c642bc1a2f153b56793c0f77b40a01b05bd800
                                                                                        • Instruction ID: 1839750d269ec533bafdcd57dc459f085ea9d8d54178d37e3a31c303c37acf12
                                                                                        • Opcode Fuzzy Hash: b9b8fdb5bbf29e83ba46770476c642bc1a2f153b56793c0f77b40a01b05bd800
                                                                                        • Instruction Fuzzy Hash: 70A2A436615FC88AD7508FAAEC8119D73BAF749BA8B101629EFCC57F18EBB4C1548740
                                                                                        Function 000002733BE05520 Relevance: .8, Instructions: 792COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 61b138e2f8be8669eaa3fa70493c75768e0123efac51ff36daff019644dff011
                                                                                        • Instruction ID: 6a706c478a65cb4b605d73c19d2bf6e5b9b37cc52143f67b9ae0a256dd3f7792
                                                                                        • Opcode Fuzzy Hash: 61b138e2f8be8669eaa3fa70493c75768e0123efac51ff36daff019644dff011
                                                                                        • Instruction Fuzzy Hash: 2C92C732919BC88AD771CF29E8812DAB7A8F79D788F505315EACC16B19EB38C354C744
                                                                                        Function 000002733BE366A0 Relevance: .4, Instructions: 361COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ff8ff783da37649173626c7f7158936b22345755ff077d27462f74136c1878ba
                                                                                        • Instruction ID: b8de9ac856d706471075d377053e8e7bce974b474f6a916fe7015a538d244fc6
                                                                                        • Opcode Fuzzy Hash: ff8ff783da37649173626c7f7158936b22345755ff077d27462f74136c1878ba
                                                                                        • Instruction Fuzzy Hash: 04C15A737286A48BE766CF6AE9486A9B762F7D4BD0F45D220DF4D07B48D638C902C740
                                                                                        Function 000002733BDE6610 Relevance: .3, Instructions: 346COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a6be2e4abd64f590320afb9fc3fe649fed7ec12c2b8de295ccc4015a354be2fd
                                                                                        • Instruction ID: 03ade9c7931f251ca4c551f6ea1fb076e2e6243f3ea631aac8afd53fa55482dc
                                                                                        • Opcode Fuzzy Hash: a6be2e4abd64f590320afb9fc3fe649fed7ec12c2b8de295ccc4015a354be2fd
                                                                                        • Instruction Fuzzy Hash: 0812B532619FC88AE771CF29E84139AB3A4F789788F505315EACC57B59EB38C254CB44
                                                                                        Function 000002733BE4FDB0 Relevance: .3, Instructions: 323COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 34fb1097c6f2363caac24c1e5b45ae24c1a6ca50cb597d280e611698873f3a91
                                                                                        • Instruction ID: f85299e06373ff15ecc294381ad579eeba4482b77edfb66f9139e699e69b31e4
                                                                                        • Opcode Fuzzy Hash: 34fb1097c6f2363caac24c1e5b45ae24c1a6ca50cb597d280e611698873f3a91
                                                                                        • Instruction Fuzzy Hash: A4C1C3B3A146948BE355CF2DD40195D7BA0F398B84F40A629EF5AC3B01E778D9A5CF80
                                                                                        Function 000002733BE06510 Relevance: .3, Instructions: 314COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 58385eaf4bb05c4dd650fe9c3293d5d132ea8d53e59e9018c70652c9bfdaf018
                                                                                        • Instruction ID: c03d1e8c510d3345fd111aabb7df8c7f92b16bbf46065a3f9508866b145f0482
                                                                                        • Opcode Fuzzy Hash: 58385eaf4bb05c4dd650fe9c3293d5d132ea8d53e59e9018c70652c9bfdaf018
                                                                                        • Instruction Fuzzy Hash: C702D532A15FC489D7228F79E8813D977A4F7AD798F105315EACC2AB19EBB4C294C740
                                                                                        Function 000002733BE78C34 Relevance: .3, Instructions: 309COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 4023145424-0
                                                                                        • Opcode ID: f39b52ed8424437b231758bdb93ffc4f840ea96165d05f634ae1d9fa5926c97e
                                                                                        • Instruction ID: 81c66e87c2d885179c67d70b563c4e4b8c3d01710b6c7f7b1b7ea2d13c2a2ac4
                                                                                        • Opcode Fuzzy Hash: f39b52ed8424437b231758bdb93ffc4f840ea96165d05f634ae1d9fa5926c97e
                                                                                        • Instruction Fuzzy Hash: 06C10A2630868486FB74EB2AA8157EE27A5F7A4B88F404255FE4D877D4DB38C745E380
                                                                                        Function 000002733BE86984 Relevance: .3, Instructions: 271COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$Value_invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 1500699246-0
                                                                                        • Opcode ID: 8359977cf5bdbaae4c5aab83856ae08c3cfc9e43f61b49509031a229a49b9122
                                                                                        • Instruction ID: 8c51cd44fe4b9db984bb4caf65ff3d5c63576b22cbb866dfd0008ecaa52cf683
                                                                                        • Opcode Fuzzy Hash: 8359977cf5bdbaae4c5aab83856ae08c3cfc9e43f61b49509031a229a49b9122
                                                                                        • Instruction Fuzzy Hash: AEB1D232618A888AEB74FF69E5197D933A1F354F89F408361DA59C36D9DB38C641E3C0
                                                                                        Function 000002733BE75044 Relevance: .2, Instructions: 247COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 961d3e7eb4dbe1c42d41fae25b585760f3c2351026af9e0dc6bb8535c2ebc898
                                                                                        • Instruction ID: 1457b4b3b163226642b72b4abe1913f8f65fc70d515e67eebd9effc32e561549
                                                                                        • Opcode Fuzzy Hash: 961d3e7eb4dbe1c42d41fae25b585760f3c2351026af9e0dc6bb8535c2ebc898
                                                                                        • Instruction Fuzzy Hash: 15B17F72118B8487E774DF2DA05A3AC3BF4E349B48F240296EB5E47399DB75C641E780
                                                                                        Function 000002733BE77060 Relevance: .2, Instructions: 207COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 785bb13fe01c7cf8ebae0a68e8c88eb6843a3380ff6b94b7bcfacfe4a0d1ed08
                                                                                        • Instruction ID: f46e9dd798303e24874e15a75894cfc6f047e1d626f587eeaaddfa735fc3068c
                                                                                        • Opcode Fuzzy Hash: 785bb13fe01c7cf8ebae0a68e8c88eb6843a3380ff6b94b7bcfacfe4a0d1ed08
                                                                                        • Instruction Fuzzy Hash: D081C372204A5086EB30EF29E49A3AD2360F744BE8F144756FE2E87785DF34C641E380
                                                                                        Function 000002733BDE6D20 Relevance: .2, Instructions: 203COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4e8cb9989ebccae2b4934454dacc3e473b3a3bc5e9d1377eb956669a5a9cd281
                                                                                        • Instruction ID: 03562924539fa1ee90ea2b7ccc6cad53143be483cd6e605e6a0cb5f9357bbfed
                                                                                        • Opcode Fuzzy Hash: 4e8cb9989ebccae2b4934454dacc3e473b3a3bc5e9d1377eb956669a5a9cd281
                                                                                        • Instruction Fuzzy Hash: FDB1F432A19FC88AD710CFA9E840299B7B5F7997A8F145315EACC23F68EB74C254C740
                                                                                        Function 000002733BE9E2CC Relevance: .2, Instructions: 183COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 0101b5bfc7e861b0726451e18251d4484926b191a0e7c85200f779e0e00e1385
                                                                                        • Instruction ID: 6b68e4062e41e1e9b1af4b8d94c21b22352eb69ebb8b24eee02b6fe39fd002b7
                                                                                        • Opcode Fuzzy Hash: 0101b5bfc7e861b0726451e18251d4484926b191a0e7c85200f779e0e00e1385
                                                                                        • Instruction Fuzzy Hash: BA61F42270C29486F778EB2CA44CBFD7681A740760F1847A9EB9D477C5E67DCA4CA780
                                                                                        Function 000002733BE501F0 Relevance: .2, Instructions: 174COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8564914535ee6488183395aa034df85c3b96b43cc627a35cfc23d0d483c1855f
                                                                                        • Instruction ID: ffd4806f47d477737c1172686c35d7610ea256f7dd794da53e994d28eb0005fc
                                                                                        • Opcode Fuzzy Hash: 8564914535ee6488183395aa034df85c3b96b43cc627a35cfc23d0d483c1855f
                                                                                        • Instruction Fuzzy Hash: DF61EF2321E2C48FD31EDF7C589106D7F61D3A7908388469DEAC5EBB4BC504C95ACBA6
                                                                                        Function 000002733BE7EE06 Relevance: .2, Instructions: 160COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8361dc49c257ca5c58a7e22c82553e287cd3153b8e2e7dc21ca7117d7e5b9edd
                                                                                        • Instruction ID: 21adedd25129bb9793e46884ee83b523653d7eddaf150dd6ae77266e207a1e39
                                                                                        • Opcode Fuzzy Hash: 8361dc49c257ca5c58a7e22c82553e287cd3153b8e2e7dc21ca7117d7e5b9edd
                                                                                        • Instruction Fuzzy Hash: 7F51047220C68447EB74DB1DB44A3A96A91F3467D4F004365EA9E43F99DB3DC200AB80
                                                                                        Function 000002733BE58230 Relevance: .2, Instructions: 156COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 08e682c8f50e6a31ebca66eccf7bc014078cfb37ed238d168109819e35b8cd79
                                                                                        • Instruction ID: 284a9a253deb29079ded95e804d562f90332864d436b5d157f4be0c2a5d8d4bb
                                                                                        • Opcode Fuzzy Hash: 08e682c8f50e6a31ebca66eccf7bc014078cfb37ed238d168109819e35b8cd79
                                                                                        • Instruction Fuzzy Hash: 465104A3B0568443DB248B49FC42796F7A5FBD87C5F00A126EE8D57B68EB3CD5808700
                                                                                        Function 000002733BE747FC Relevance: .1, Instructions: 145COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
                                                                                        • Instruction ID: 47e3a1d62b280b2a3b6ccc9de618579b561724a1c2a69eaf845882e82f50f468
                                                                                        • Opcode Fuzzy Hash: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
                                                                                        • Instruction Fuzzy Hash: 9F51733761869487F735DB2DE05A3A837B0E385B58F244291EACD177A4C736CA53E780
                                                                                        Function 000002733BE745F8 Relevance: .1, Instructions: 145COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
                                                                                        • Instruction ID: 9c06a589db50658ccaa51ae4f2595cfe0abc8984538edc1d09229cf8f3764be6
                                                                                        • Opcode Fuzzy Hash: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
                                                                                        • Instruction Fuzzy Hash: 37518E37218A5087E735DB2DE0497A827B0E385B58F244251EE8D077A4C736DE52E7C0
                                                                                        Function 000002733BE74A00 Relevance: .1, Instructions: 145COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
                                                                                        • Instruction ID: 892d198839677baff66968eb6eb02fd8373a2e992af3434661ea0efe729a723f
                                                                                        • Opcode Fuzzy Hash: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
                                                                                        • Instruction Fuzzy Hash: 6251813721865087E735DB2EE04A3A937B0E3D4B58F244251EE8D177A8E736DE52E780
                                                                                        Function 000002733BE89EA0 Relevance: .1, Instructions: 126COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorFreeHeapLast
                                                                                        • String ID:
                                                                                        • API String ID: 485612231-0
                                                                                        • Opcode ID: 8fbae818eea1d914da60437b7a5c964747a04bdd4ff824fbc22ee65c1649dd6a
                                                                                        • Instruction ID: 2b3759f3b788ad4afc27b4cb5d0605bbe39620f4f6ccb3ee163e31c04a8026b5
                                                                                        • Opcode Fuzzy Hash: 8fbae818eea1d914da60437b7a5c964747a04bdd4ff824fbc22ee65c1649dd6a
                                                                                        • Instruction Fuzzy Hash: 28411C36314E5482EF14DF6AE9182A97391F748FD4F49A122EE0D87B64DF3DC5429380
                                                                                        Function 000002733BEB2008 Relevance: .0, Instructions: 34COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 65fcb47a17adf94f373ff647ddafb07328eb1c747429ddd71517b78256354565
                                                                                        • Instruction ID: 1aaf2256a03966f1b2866756c7a7ea71547e364976815647f16115be7f6cc13b
                                                                                        • Opcode Fuzzy Hash: 65fcb47a17adf94f373ff647ddafb07328eb1c747429ddd71517b78256354565
                                                                                        • Instruction Fuzzy Hash: 24F0C747E1E7D45AF772EB281C7D3C41F919B92922F4D41CA9A45475D394460E06F3C1
                                                                                        Function 000002733BEB22D8 Relevance: .0, Instructions: 24COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d53a79903260b7a4f0e6c71e7ffc168a0f2adb2b336afcda935cdf6e025e0c2f
                                                                                        • Instruction ID: 68b6616308b9af48c007f373e9c6d33a9f578202f089094cf3be5ac5cfacc976
                                                                                        • Opcode Fuzzy Hash: d53a79903260b7a4f0e6c71e7ffc168a0f2adb2b336afcda935cdf6e025e0c2f
                                                                                        • Instruction Fuzzy Hash: B2F0F997E5FED006F3B2F7281D3E28C2FD29BB2506F1D428A8B4807183A4051D0472D1
                                                                                        Function 000002733BEB2398 Relevance: .0, Instructions: 15COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 91d01cb9ed2bd3d2d45766b86e1c76849cdc335525e86e8d4b249a2a0640e502
                                                                                        • Instruction ID: 3f382ff6142f054e2d9956863fa903f88a46091d0893e6256db0ec105e48ce6d
                                                                                        • Opcode Fuzzy Hash: 91d01cb9ed2bd3d2d45766b86e1c76849cdc335525e86e8d4b249a2a0640e502
                                                                                        • Instruction Fuzzy Hash: 71E04F87E4EAC119F326D3681C3F64C5FD15B73A12B4D81DF8748036D3B44A2D00A391
                                                                                        Function 000002733BEB22C8 Relevance: .0, Instructions: 5COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: edd3a2eeda825b6b20b33a8d4304bb014d0de21dbcdcdd6f5120fd93b8e00f70
                                                                                        • Instruction ID: 3e52525d39e57bbbd7167a3d2a5026f39e520ea7036a62e7442895414421d68b
                                                                                        • Opcode Fuzzy Hash: edd3a2eeda825b6b20b33a8d4304bb014d0de21dbcdcdd6f5120fd93b8e00f70
                                                                                        • Instruction Fuzzy Hash: 7DA002DBE99384ABCB1609700CE14E91F1679B2900395505EE351D33D3BC8D0A0B9522
                                                                                        Function 000002733BEB26E0 Relevance: .0, Instructions: 5COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a42a01495bc10c92585e70db87d9dd7e84e2cd6d90333ee8a624f4433841b9f2
                                                                                        • Instruction ID: dd821fc456802a82e214712cdc142db2467fbba7cfc259e82cbb70f11fd0d425
                                                                                        • Opcode Fuzzy Hash: a42a01495bc10c92585e70db87d9dd7e84e2cd6d90333ee8a624f4433841b9f2
                                                                                        • Instruction Fuzzy Hash: F8A0125370D090C6F1175B14140D1842B50DB52500B888080850002407C019040D9A80
                                                                                        Function 000002733BEB2090 Relevance: .0, Instructions: 2COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f01a4154ba30de378ee8f3a0bf3b2dfb59d47392f9fc814d815bb3a6ccc76d7c
                                                                                        • Instruction ID: ea494100ae4b06ccfc3813b00a83396d41290cc99dde8ead6981ca79b0f3276f
                                                                                        • Opcode Fuzzy Hash: f01a4154ba30de378ee8f3a0bf3b2dfb59d47392f9fc814d815bb3a6ccc76d7c
                                                                                        • Instruction Fuzzy Hash:
                                                                                        Function 000002733BE4ED30 Relevance: 28.7, APIs: 19, Instructions: 177processCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseHandle$Process32Token$InformationNextOpenProcess$ConvertCreateErrorFirstLastSnapshotStringToolhelp32
                                                                                        • String ID:
                                                                                        • API String ID: 3925315391-0
                                                                                        • Opcode ID: 9cfa9a338c49679a1929b549c81fccef5f16dbb46e3a6c3e399b60bd0c466e0c
                                                                                        • Instruction ID: 26aa0a667c38c0c81f807c8e9e728bb127d1c37675373475f6c38edafca840ec
                                                                                        • Opcode Fuzzy Hash: 9cfa9a338c49679a1929b549c81fccef5f16dbb46e3a6c3e399b60bd0c466e0c
                                                                                        • Instruction Fuzzy Hash: 9981A53161DB8082E724EF19F84839EB7A5FB88B94F404255EE4D53B94DF78C645E780
                                                                                        Function 000002733BE6FDCC Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 407COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID: 0$0$0
                                                                                        • API String ID: 3215553584-3137946472
                                                                                        • Opcode ID: c13ea352d321776aceeea9581779599aef3778c14aa0c6b54d648fb53a65a266
                                                                                        • Instruction ID: 8209ea528b4f2fba46ffc547b8499e59e9dbdd71cab447cf5ea36fb52bb74e47
                                                                                        • Opcode Fuzzy Hash: c13ea352d321776aceeea9581779599aef3778c14aa0c6b54d648fb53a65a266
                                                                                        • Instruction Fuzzy Hash: F6E1053210D6858AF771EF2CA0A93ED3B919712785F549282E78D47787C635CA5AF3C0
                                                                                        Function 000002733BE54C60 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 159COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                        • String ID: bad locale name$false$true
                                                                                        • API String ID: 164343898-1062449267
                                                                                        • Opcode ID: 3c642f864733e41381d771a2a077dfc74cd5084416de59f9f5d8b3af538e5cc1
                                                                                        • Instruction ID: 890e424658136e1706ffe8e6189279f00c761b979cb3de11f8cd0182d0144946
                                                                                        • Opcode Fuzzy Hash: 3c642f864733e41381d771a2a077dfc74cd5084416de59f9f5d8b3af538e5cc1
                                                                                        • Instruction Fuzzy Hash: 8D716F2270AB408AFB25EFB9E4543EC33B5EB84748F0442699E4C67B99DF34C655E384
                                                                                        Function 000002733BE7BCE4 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AddressFreeLibraryProc
                                                                                        • String ID: api-ms-$ext-ms-
                                                                                        • API String ID: 3013587201-537541572
                                                                                        • Opcode ID: c6120ce6c378417c8061f2daa80316ce8b84504fe2d3d9dfde353b277e126bba
                                                                                        • Instruction ID: f4ddac008046772f3149250bfe055760f374d6214c27900ce4143406fc00b252
                                                                                        • Opcode Fuzzy Hash: c6120ce6c378417c8061f2daa80316ce8b84504fe2d3d9dfde353b277e126bba
                                                                                        • Instruction Fuzzy Hash: 8141272231AA0082FA35EB2ABC5C7D52795FB45BE0F094765EE1D87794DF3CC605A380
                                                                                        Function 000002733BE55090 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 81networkfileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Internet$CloseFileHandleOpenRead
                                                                                        • String ID: File Downloader
                                                                                        • API String ID: 4038090926-3631955488
                                                                                        • Opcode ID: d760029ad861ea7f7ea2ffc299629ee0db5f3c755485599aed123bc73a668a15
                                                                                        • Instruction ID: 33482b48a03623471f43a9beb23a4656a5878cac86e54fa5badde5050eb66f25
                                                                                        • Opcode Fuzzy Hash: d760029ad861ea7f7ea2ffc299629ee0db5f3c755485599aed123bc73a668a15
                                                                                        • Instruction Fuzzy Hash: C6318332619B8086E720EF59F9647DAB7A0FB89BC4F444116EE4D43B58DF78C6419B80
                                                                                        Function 000002733BE732AC Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID: f$p$p
                                                                                        • API String ID: 3215553584-1995029353
                                                                                        • Opcode ID: da133f4d1d1d50a9f8077a7ed93c78c5851a9c9ee1111e96f3e2a2a160aeb47c
                                                                                        • Instruction ID: 47ff621639653b96b737114e3696d3936d8e0710cc1f59bbf106807c4b067c78
                                                                                        • Opcode Fuzzy Hash: da133f4d1d1d50a9f8077a7ed93c78c5851a9c9ee1111e96f3e2a2a160aeb47c
                                                                                        • Instruction Fuzzy Hash: F512A26260C24187FBB4FB5DF01E7EA76A1F380754F944395F69A466C8D738C782AB80
                                                                                        Function 000002733BE781FC Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Value$ErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 2506987500-0
                                                                                        • Opcode ID: a64517f74db65a597346d350dde432297d840979f255a46bef08400084ad21a5
                                                                                        • Instruction ID: 85cf5b5f101f857aca7d45ab27251426835e0f7abe23fee583ad8ede0ed056dd
                                                                                        • Opcode Fuzzy Hash: a64517f74db65a597346d350dde432297d840979f255a46bef08400084ad21a5
                                                                                        • Instruction Fuzzy Hash: F3215E2020D64083FA78F77A7A6E3E952525F557F0F145794B93E46BD6EE28860173C0
                                                                                        Function 000002733BE8ABDC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                        • String ID: CONOUT$
                                                                                        • API String ID: 3230265001-3130406586
                                                                                        • Opcode ID: 97ef1f90b5d1e549fd4d93c948d975b58c02b300c1de8e440893a5efab19f807
                                                                                        • Instruction ID: 621836a845d779820751c74c10ae25e10686a560ba0d54c175b405391d9450e9
                                                                                        • Opcode Fuzzy Hash: 97ef1f90b5d1e549fd4d93c948d975b58c02b300c1de8e440893a5efab19f807
                                                                                        • Instruction Fuzzy Hash: 61116035719A4086E760EB5AF85839A67A0FB88FE4F045354EE5D877A4CF7CCA4487C0
                                                                                        Function 000002733BE9B73C Relevance: 9.2, APIs: 6, Instructions: 239COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ByteCharMultiWide$CompareInfoString
                                                                                        • String ID:
                                                                                        • API String ID: 2984826149-0
                                                                                        • Opcode ID: ab7e75f2883cad40e90fab743296f144bd79ee85a7c99ab5de0f741cdd8f7a66
                                                                                        • Instruction ID: 3cd2eb1cc0ed5a01ad78169d9cfa2ba695a8cba0556acadc02d75bfaf16c6cd1
                                                                                        • Opcode Fuzzy Hash: ab7e75f2883cad40e90fab743296f144bd79ee85a7c99ab5de0f741cdd8f7a66
                                                                                        • Instruction Fuzzy Hash: F7A1B0726087808AFB35EB39B4583E97691F744BA8F444791DA9C07BD5DB7CCA48A3C0
                                                                                        Function 000002733BE9B3DC Relevance: 9.2, APIs: 6, Instructions: 206COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ByteCharMultiStringWide
                                                                                        • String ID:
                                                                                        • API String ID: 2829165498-0
                                                                                        • Opcode ID: a17d41df7d4fcd83c170866fb1b58b26a6ae7521d63a390143938d7d4d5e554f
                                                                                        • Instruction ID: 6d3e2658b38da7860dea000a20cbda3ba97060d41971ee2707bce65fd8919677
                                                                                        • Opcode Fuzzy Hash: a17d41df7d4fcd83c170866fb1b58b26a6ae7521d63a390143938d7d4d5e554f
                                                                                        • Instruction Fuzzy Hash: A381B17220978086EB30EF29F44839977E5FB44BA8F144761EA9D47BD9DB3CC6049780
                                                                                        Function 000002733BE703B8 Relevance: 9.2, APIs: 6, Instructions: 157COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: ca3f80eaf004f362beb8f5b3b26ae04cc2cf7c865ac26bc256f85fe2d54e20e3
                                                                                        • Instruction ID: 32df09234e7e328bebce271edb12b085d6b1ededd309091447872870e9caab76
                                                                                        • Opcode Fuzzy Hash: ca3f80eaf004f362beb8f5b3b26ae04cc2cf7c865ac26bc256f85fe2d54e20e3
                                                                                        • Instruction Fuzzy Hash: E051846610C68487E772EF28F06A3ED3BA1A745B45F548191E7CC47387DA29CA46E382
                                                                                        Function 000002733BE78374 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • GetLastError.KERNEL32 ref: 000002733BE78383
                                                                                        • FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,000002733BE740D5,?,?,?,?,000002733BE7B584), ref: 000002733BE783B9
                                                                                        • FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,000002733BE740D5,?,?,?,?,000002733BE7B584), ref: 000002733BE783E6
                                                                                        • FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,000002733BE740D5,?,?,?,?,000002733BE7B584), ref: 000002733BE783F7
                                                                                        • FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,000002733BE740D5,?,?,?,?,000002733BE7B584), ref: 000002733BE78408
                                                                                        • SetLastError.KERNEL32 ref: 000002733BE78423
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Value$ErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 2506987500-0
                                                                                        • Opcode ID: 47747b4fce285073a0e2fe22e01b95934fc6c31783b87f6b8fd0ce1873d4bd80
                                                                                        • Instruction ID: 2d47c47e2a0e24cb36d2236559737d15176d37dad3a5b37902ade8b1e7c5cd47
                                                                                        • Opcode Fuzzy Hash: 47747b4fce285073a0e2fe22e01b95934fc6c31783b87f6b8fd0ce1873d4bd80
                                                                                        • Instruction Fuzzy Hash: 8C11592020D25043FA78F73E7A6E3AE62566F547F0F5457A4B93E467D6EE289600B3C0
                                                                                        Function 000002733BE0DB90 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 281COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: __std_exception_destroy$ApisFile__std_fs_code_page
                                                                                        • String ID: ", "$: "
                                                                                        • API String ID: 741338541-747220369
                                                                                        • Opcode ID: e5b5310406cebe98878b3f25866df8b0674e324702342a29c6964b498bd6ede7
                                                                                        • Instruction ID: 686bc833025599cc86497e5cd0e3329d6b65b3a1fbc595cfbc4278da14f444a9
                                                                                        • Opcode Fuzzy Hash: e5b5310406cebe98878b3f25866df8b0674e324702342a29c6964b498bd6ede7
                                                                                        • Instruction Fuzzy Hash: 3BB1C172709B4086EB20EF69F4483EC23A1E749B88F408661DE5D57B9ADF38C695D3C0
                                                                                        Function 000002733BE832C8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                        • API String ID: 4061214504-1276376045
                                                                                        • Opcode ID: db481cee700add6652efbd16517b6fad29b9a19914f0d4d044d41ba2919793f2
                                                                                        • Instruction ID: 89cef42610c8f6a291b72e3a6a6965e20c6b9e2845b4a31489e4e284dc96f69c
                                                                                        • Opcode Fuzzy Hash: db481cee700add6652efbd16517b6fad29b9a19914f0d4d044d41ba2919793f2
                                                                                        • Instruction Fuzzy Hash: 59F04F2160EB0081EA34EB28B45D3995760EB48B63F541795967E462F4CF28C389A7C0
                                                                                        Function 000002733BE7F4D8 Relevance: 7.7, APIs: 5, Instructions: 196COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _set_statfp
                                                                                        • String ID:
                                                                                        • API String ID: 1156100317-0
                                                                                        • Opcode ID: 5459f65f4676636fdc901623b58b7eba5cdeda63d87ce883b5aed9902fe8fe9f
                                                                                        • Instruction ID: aad92ffe2f289345e44da174d161e74394ebbb4503ebdd91d211dddfa7b67c17
                                                                                        • Opcode Fuzzy Hash: 5459f65f4676636fdc901623b58b7eba5cdeda63d87ce883b5aed9902fe8fe9f
                                                                                        • Instruction Fuzzy Hash: 1C81141212CAC487F672EF3CB44A3EE62A0FB55394F144381FA6E265E5D734CB81A6C0
                                                                                        Function 000002733BE7843C Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • FlsGetValue.KERNEL32(?,?,?,000002733BE6F8AF,?,?,00000000,000002733BE6FB4A,?,?,?,?,-2891666E48DAA7FF,000002733BE6FAD6), ref: 000002733BE7845B
                                                                                        • FlsSetValue.KERNEL32(?,?,?,000002733BE6F8AF,?,?,00000000,000002733BE6FB4A,?,?,?,?,-2891666E48DAA7FF,000002733BE6FAD6), ref: 000002733BE7847A
                                                                                        • FlsSetValue.KERNEL32(?,?,?,000002733BE6F8AF,?,?,00000000,000002733BE6FB4A,?,?,?,?,-2891666E48DAA7FF,000002733BE6FAD6), ref: 000002733BE784A2
                                                                                        • FlsSetValue.KERNEL32(?,?,?,000002733BE6F8AF,?,?,00000000,000002733BE6FB4A,?,?,?,?,-2891666E48DAA7FF,000002733BE6FAD6), ref: 000002733BE784B3
                                                                                        • FlsSetValue.KERNEL32(?,?,?,000002733BE6F8AF,?,?,00000000,000002733BE6FB4A,?,?,?,?,-2891666E48DAA7FF,000002733BE6FAD6), ref: 000002733BE784C4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Value
                                                                                        • String ID:
                                                                                        • API String ID: 3702945584-0
                                                                                        • Opcode ID: 64b21c8772d4c2280a2575dd52794ef6fbd465c186315b0bb9d8ae0d08d06aa7
                                                                                        • Instruction ID: 2cc91ef7ace1fe262df87106a6baf685f949416c403532c7fca6af3b61f11a5a
                                                                                        • Opcode Fuzzy Hash: 64b21c8772d4c2280a2575dd52794ef6fbd465c186315b0bb9d8ae0d08d06aa7
                                                                                        • Instruction Fuzzy Hash: 6911812030D20043FA78F33A7A6B3E912466B543F4F6853A4B97E467D6EE68D601B3C0
                                                                                        Function 000002733BE782D0 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Value
                                                                                        • String ID:
                                                                                        • API String ID: 3702945584-0
                                                                                        • Opcode ID: e27ca31b50e2d5aa569de687d9ca52c361e113afdb0e2059800f2a58b2f57a54
                                                                                        • Instruction ID: 44d8c414f7127e07d7255562d45a91d5cfc89f6e0f47ecf1567e0461327bd15a
                                                                                        • Opcode Fuzzy Hash: e27ca31b50e2d5aa569de687d9ca52c361e113afdb0e2059800f2a58b2f57a54
                                                                                        • Instruction Fuzzy Hash: CB11F72020D20507F978F33E786B3EA12825B557B5F585BE4793E4A3D6EE299A41B2C0
                                                                                        Function 000002733BE26510 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 237COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::_
                                                                                        • String ID: bad locale name
                                                                                        • API String ID: 1287851536-1405518554
                                                                                        • Opcode ID: 415de4996ee4135b614fdbd6a511a1b442f80551b934d1b3caf70d8bd98b81a6
                                                                                        • Instruction ID: 25387be2ddb57f9091538d7c0dd358d3aa55bdfe48bf1cb8a666c097795c2c16
                                                                                        • Opcode Fuzzy Hash: 415de4996ee4135b614fdbd6a511a1b442f80551b934d1b3caf70d8bd98b81a6
                                                                                        • Instruction Fuzzy Hash: A7919F32B05B808AFB24EFB9F4543DC3361EB45B88F044765DA8D1BB99DE38C655A380
                                                                                        Function 000002733BE9D3EC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                        • API String ID: 3215553584-1196891531
                                                                                        • Opcode ID: c93d0c80d14289c47e4e012ab7823fd63e1d2ef69c6c82be7162492af36b69b4
                                                                                        • Instruction ID: d62488f948edcc99fa73d2eb4467b70963681ec19b110d1a79aef0cbaee4e34a
                                                                                        • Opcode Fuzzy Hash: c93d0c80d14289c47e4e012ab7823fd63e1d2ef69c6c82be7162492af36b69b4
                                                                                        • Instruction Fuzzy Hash: 6A81AF7260C220C5FB75EFADA2583F836A0E311B48F55C285DA8E97295D72DCA09B7C1
                                                                                        Function 000002733BE39E10 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 140COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: __std_exception_destroy
                                                                                        • String ID: at line $, column
                                                                                        • API String ID: 2453523683-191570568
                                                                                        • Opcode ID: 2b99ca083d44147745e0950aefd117bb8e481d61a4d231a850388cb78075ca51
                                                                                        • Instruction ID: 80318dc5518fd29dd52646136bea2756839cf05623fabb124cee752990d7e27b
                                                                                        • Opcode Fuzzy Hash: 2b99ca083d44147745e0950aefd117bb8e481d61a4d231a850388cb78075ca51
                                                                                        • Instruction Fuzzy Hash: 0351B262608B4081EA20EB1AF5883AE6761F785BD0F505351EBAD47B96DF39C681D380
                                                                                        Function 000002733BE0C910 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
                                                                                        • String ID: bad locale name
                                                                                        • API String ID: 1612978173-1405518554
                                                                                        • Opcode ID: 6daa0c317871165e2d2245588267f06fb10382b189967dd0ac8f71b9f87e0640
                                                                                        • Instruction ID: ccbfb8de0d358148401bb88e708d754b089caecde9f3a2a7f758ceb60fbc9fbe
                                                                                        • Opcode Fuzzy Hash: 6daa0c317871165e2d2245588267f06fb10382b189967dd0ac8f71b9f87e0640
                                                                                        • Instruction Fuzzy Hash: AC515B3270AB408AFB20EF79E4543EC3375EB44748F444669DE8E26A95DB38C655E384
                                                                                        Function 000002733BE60F00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101registryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Open
                                                                                        • String ID: ?
                                                                                        • API String ID: 71445658-1684325040
                                                                                        • Opcode ID: 3d0ddc66878d42595fa9f6f8c949674767b934469400fd24a4eeae24022c089c
                                                                                        • Instruction ID: 6feb58d85d0992ce97f5fe28f1d5973a9b011dd640592e368e4c051975adc3e4
                                                                                        • Opcode Fuzzy Hash: 3d0ddc66878d42595fa9f6f8c949674767b934469400fd24a4eeae24022c089c
                                                                                        • Instruction Fuzzy Hash: 2D41A432A1CB8081EB60DB29F4843AAB7A0F7897D4F105315FA9D42A99DF7CC194DB80
                                                                                        Function 000002733BE99520 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: GetTempPath2W$kernel32.dll
                                                                                        • API String ID: 1646373207-1846531799
                                                                                        • Opcode ID: 54cfff917e61736e637f3daaf4ede8ca0052c6a8694a4254edfc7bf5cdf1c370
                                                                                        • Instruction ID: 6c96aef7ece5d072e770e9cad764fed84ecdfc7a052970e72dda3a4239423250
                                                                                        • Opcode Fuzzy Hash: 54cfff917e61736e637f3daaf4ede8ca0052c6a8694a4254edfc7bf5cdf1c370
                                                                                        • Instruction Fuzzy Hash: 0DE09222B0DB4481EE18EB19F98C1A82321FF88B81F4851A5C91E07334DE3CC644A780
                                                                                        Function 000002733BE4F480 Relevance: 6.5, APIs: 4, Instructions: 478COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Process32$CloseHandleImpersonateLoggedNextOpenProcessUser$CreateFirstRevertSelfSnapshotTokenToolhelp32
                                                                                        • String ID:
                                                                                        • API String ID: 1562318730-0
                                                                                        • Opcode ID: 1b04c40f53ec55e2de12909e53904fdcd84ebb9b237009adbed41d140147577b
                                                                                        • Instruction ID: 48cdcffafa11a7d7638b118e5ae22af0210015b98561600c3c162943f918d88e
                                                                                        • Opcode Fuzzy Hash: 1b04c40f53ec55e2de12909e53904fdcd84ebb9b237009adbed41d140147577b
                                                                                        • Instruction Fuzzy Hash: 2522C262B18B8445FB20EB7CF4583ED2761E781BA4F505741EA6D06AEADF78C5C4E380
                                                                                        Function 000002733BE7B248 Relevance: 6.2, APIs: 4, Instructions: 218COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ConsoleErrorLastMode
                                                                                        • String ID:
                                                                                        • API String ID: 953036326-0
                                                                                        • Opcode ID: 051a95757f3cd31bcbf302130b81a7499006cb3b8c40f8426fd2f443c90a72fc
                                                                                        • Instruction ID: 0904800dddc672ae936a490fa6b322d4fdf9fe187031db0649f8b1de3b1c3f69
                                                                                        • Opcode Fuzzy Hash: 051a95757f3cd31bcbf302130b81a7499006cb3b8c40f8426fd2f443c90a72fc
                                                                                        • Instruction Fuzzy Hash: AE91F83271865087F770EF7DA4993ED2BA0F744B88F644289EE0E57684DB34C682E780
                                                                                        Function 000002733BE64220 Relevance: 6.1, APIs: 4, Instructions: 123COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: EnvironmentInitStringStringsUnicode$Free
                                                                                        • String ID:
                                                                                        • API String ID: 2488768755-0
                                                                                        • Opcode ID: d5bee1dafb1d95a018c503b2449085841ff83489c5dfb9d12ed58605717af246
                                                                                        • Instruction ID: c8448f5919914153222c6405eb174d77cc0f95d34ca9a7744842e1bc0b35008b
                                                                                        • Opcode Fuzzy Hash: d5bee1dafb1d95a018c503b2449085841ff83489c5dfb9d12ed58605717af246
                                                                                        • Instruction Fuzzy Hash: 10519A22A08B8082EB20EF19F44439D7770F798B94F549245EB9D03B95DF78D2E1D380
                                                                                        Function 000002733BE20120 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
                                                                                        • String ID:
                                                                                        • API String ID: 3698853521-0
                                                                                        • Opcode ID: 7fc3597cd9704a6304594a27bb2dfeeca3e59ce2e728f14c12add50f8541c22a
                                                                                        • Instruction ID: 0434264b74049ee76d3579144ae7df12ca41a4465cbb1c5668c17be2b98f4345
                                                                                        • Opcode Fuzzy Hash: 7fc3597cd9704a6304594a27bb2dfeeca3e59ce2e728f14c12add50f8541c22a
                                                                                        • Instruction Fuzzy Hash: A3418E32219B4081EA35FB19F8483D973A4FB88B90F5456A2EE9D077A6DF38C645D780
                                                                                        Function 000002733BE70274 Relevance: 6.1, APIs: 4, Instructions: 95COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: f47f5365830de18e31c9f66efcfcebced3ed900e80df05c2fe820f8996efde49
                                                                                        • Instruction ID: 3b4aee9f23452e85c4a8d760acac2694214c23854d245112e3fdab597ed68895
                                                                                        • Opcode Fuzzy Hash: f47f5365830de18e31c9f66efcfcebced3ed900e80df05c2fe820f8996efde49
                                                                                        • Instruction Fuzzy Hash: 8D416563108A84D7E772EF28E4263EC3FA4E745F45F098281E68D47387DA39C645D396
                                                                                        Function 000002733BE21DD0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                                        • String ID:
                                                                                        • API String ID: 1168246061-0
                                                                                        • Opcode ID: deae80201b058b93dee9511eb23f4883bce05ec3d16f28b31309998fe1f492bf
                                                                                        • Instruction ID: bf85da4fff92dc0bed40fef84739be803d11da42fbf2e6355458fdc19ce625d6
                                                                                        • Opcode Fuzzy Hash: deae80201b058b93dee9511eb23f4883bce05ec3d16f28b31309998fe1f492bf
                                                                                        • Instruction Fuzzy Hash: 0A41802620DA4090EA34FB19F8483D97760F788BA4F581661EA8D4B7A5DF3CC742A780
                                                                                        Function 000002733BE540C0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                                        • String ID:
                                                                                        • API String ID: 1168246061-0
                                                                                        • Opcode ID: f751cf97cbdb91efc437d10692cdb5900781dee89e6afe037389110580d2090b
                                                                                        • Instruction ID: b24b0a29fbf1bc534a62d17fc757d1be2c680b0ca5d7f3d7f5b18bcada1ff44e
                                                                                        • Opcode Fuzzy Hash: f751cf97cbdb91efc437d10692cdb5900781dee89e6afe037389110580d2090b
                                                                                        • Instruction Fuzzy Hash: 60419322219A4080EA35FB1AF9493D97370FBD8B94F181662DA8D477A9DF3CC641D780
                                                                                        Function 000002733BE339F0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                                        • String ID:
                                                                                        • API String ID: 1168246061-0
                                                                                        • Opcode ID: 268a738e79390acd07def2dc4d1be91678e0d7bbd421806bae9408622498fc9b
                                                                                        • Instruction ID: 1353b9ffafdc8d0256837b46d24327ceba53e7877841c63d012110c4bae55824
                                                                                        • Opcode Fuzzy Hash: 268a738e79390acd07def2dc4d1be91678e0d7bbd421806bae9408622498fc9b
                                                                                        • Instruction Fuzzy Hash: 2E419122209B4080EA34FB1AF8483D97760F788B94F1827A1EA8D477A5DF3CC745D790
                                                                                        Function 000002733BE54940 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                                        • String ID:
                                                                                        • API String ID: 1168246061-0
                                                                                        • Opcode ID: 225fe1b72370eebaf99dac6ca4c61f0c7a8ae1283e1f422937767657019483ac
                                                                                        • Instruction ID: d1d39656028ba4e0e106b716a64509ef7ed6de5e0ef3933c1b463ad05c463145
                                                                                        • Opcode Fuzzy Hash: 225fe1b72370eebaf99dac6ca4c61f0c7a8ae1283e1f422937767657019483ac
                                                                                        • Instruction Fuzzy Hash: 8C41A222219A4081FA35EB1AF4483D97370F7C8B94F181662EA9D077A9DF3CC645D784
                                                                                        Function 000002733BE99704 Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ByteCharErrorLastMultiWide
                                                                                        • String ID:
                                                                                        • API String ID: 203985260-0
                                                                                        • Opcode ID: 885017ec562e008ced87b7a088d7b161d23e12804f5abb955417809e776ebcf4
                                                                                        • Instruction ID: 464702cc817b599558e201473b8da5fb1b94f2ec1e680cf2eaf63fda2a34f359
                                                                                        • Opcode Fuzzy Hash: 885017ec562e008ced87b7a088d7b161d23e12804f5abb955417809e776ebcf4
                                                                                        • Instruction Fuzzy Hash: 82216D76618B8487E320DF25F44834EBBB4F789F90F640268EB8897B54DF39C5058B80
                                                                                        Function 000002733BE99BF0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Handle$AddressAttributesCloseErrorFeatureFileLastModulePresentProcProcessor__std_fs_open_handle
                                                                                        • String ID:
                                                                                        • API String ID: 156590933-0
                                                                                        • Opcode ID: ab22cb6cb8c17ed70bd3674071cc7aa31663a6931c8f4e60418ec3b925b4023f
                                                                                        • Instruction ID: e4163b0e6b85d46b0d7ed9644028604d29b2ed118534c5082c215d9e0bca5b8d
                                                                                        • Opcode Fuzzy Hash: ab22cb6cb8c17ed70bd3674071cc7aa31663a6931c8f4e60418ec3b925b4023f
                                                                                        • Instruction Fuzzy Hash: 3611A72561C64045FB74E72DB88C3AA7791E7847F0F141750BAFF46AE5DA3CC648AB80
                                                                                        Function 000002733BE0EAA0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 207COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: [json.exception.
                                                                                        • API String ID: 0-791563284
                                                                                        • Opcode ID: 8890b59e8ca75e1c14b035967b45d934b423924ca889e0edc636b58881abacd2
                                                                                        • Instruction ID: b1a09ed93cf149bea3a4f7501e3f072ca64a2d208a3843eea2de8ab78bb4d080
                                                                                        • Opcode Fuzzy Hash: 8890b59e8ca75e1c14b035967b45d934b423924ca889e0edc636b58881abacd2
                                                                                        • Instruction Fuzzy Hash: 88713162F04B8085F720EB7EE8443DD27A1E795B94F504366EE9D17B8ACB78C281D380
                                                                                        Function 000002733BE54EC0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                        • String ID: bad locale name
                                                                                        • API String ID: 3988782225-1405518554
                                                                                        • Opcode ID: 3e63ed91c755b58efa84700b8259247b457ca690d7009b472c2e321bcce58a50
                                                                                        • Instruction ID: 60d37d0580ca2605cae9130b5a25a06bd184dcc210a9cd92beccbee956ef8956
                                                                                        • Opcode Fuzzy Hash: 3e63ed91c755b58efa84700b8259247b457ca690d7009b472c2e321bcce58a50
                                                                                        • Instruction Fuzzy Hash: C0518D33309A448AFB20EF79E4543EC33B4EB84748F441265EE4D27A99CE34C625E394
                                                                                        Function 000002733BE34780 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                        • String ID: bad locale name
                                                                                        • API String ID: 3988782225-1405518554
                                                                                        • Opcode ID: 33cebd67afb6c9d3521887092eb66b60fea1dbd9b11489f81ba7abd99a6a0c28
                                                                                        • Instruction ID: 44bf8c8c7dd582079a5b30182af8a746d7064b4a8e1a3fabff4af5fbc411ae90
                                                                                        • Opcode Fuzzy Hash: 33cebd67afb6c9d3521887092eb66b60fea1dbd9b11489f81ba7abd99a6a0c28
                                                                                        • Instruction Fuzzy Hash: 32515D33309B408AFB20EF78E4943EC33B4EB94748F045665EA8D67A95DE34C655E394
                                                                                        Function 000002733BE81068 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                        • String ID: ?
                                                                                        • API String ID: 1286766494-1684325040
                                                                                        • Opcode ID: cc61daf68fc51e1744773e59e44ac92936385923c50019f164254ef25fcaf87b
                                                                                        • Instruction ID: f5c14b0d2b5fa4d41f3b79ea1702200190df080983cf4dadc372a5b1a57bec71
                                                                                        • Opcode Fuzzy Hash: cc61daf68fc51e1744773e59e44ac92936385923c50019f164254ef25fcaf87b
                                                                                        • Instruction Fuzzy Hash: FC41582630CBC046FB71EB29F40A3EA6690E784FA5F104365EE5D86BD5DA38C68197C1
                                                                                        Function 000002733BE7AF20 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLastWrite
                                                                                        • String ID: U
                                                                                        • API String ID: 442123175-4171548499
                                                                                        • Opcode ID: 95c1b5a9b453dd21b53d1d3abd175e481a437f6821d85bbfa209bab1ceee3d57
                                                                                        • Instruction ID: b18c14bcb6393b98208c8e4285c762d30b9b223dca78f03ac571a2d20a8ee3be
                                                                                        • Opcode Fuzzy Hash: 95c1b5a9b453dd21b53d1d3abd175e481a437f6821d85bbfa209bab1ceee3d57
                                                                                        • Instruction Fuzzy Hash: 6541B572719A4086DB20EF69F8593EA67A1F798B84F404121EE4E87794DF3CC541E780
                                                                                        Function 000002733BE8F198 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1929384521.000002733BDE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002733BDE0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2733bde0000_venomderek.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ExceptionFileHeaderRaise
                                                                                        • String ID: csm
                                                                                        • API String ID: 2573137834-1018135373
                                                                                        • Opcode ID: 4d2c4101b9d2858735cfea5a09a2e9289d44dfdbc7b24173af3d04f9105eea82
                                                                                        • Instruction ID: af6bc6dbf7369faa2bbd273397b48530394f9b5510f1aade7e1b8ace9b78073a
                                                                                        • Opcode Fuzzy Hash: 4d2c4101b9d2858735cfea5a09a2e9289d44dfdbc7b24173af3d04f9105eea82
                                                                                        • Instruction Fuzzy Hash: 7A115B32609B8482EB61DB19F44429977E0FB88B84F184761DECD47B69DF38C651CB80