Windows Analysis Report
Xeno Executor.exe

Overview

General Information

Sample name:Xeno Executor.exe
Analysis ID:1570765
MD5:36517f5bfae396a1d223e7491a3044cc
SHA1:591a20349741340b21e0d3ea7d70a7df4043e925
SHA256:e5d7e8537578b6c2f2ad9d842c51fcda0535c82b4e84c52537afe852687aa5f2
Tags:exe, user-aachum
Infos:

Detection

CredGrabber, Meduza Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected CredGrabber
Yara detected Meduza Stealer
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Suricata IDS alerts with low severity for network traffic
Terminates after testing mutex exists (may check infected machine status)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • Xeno Executor.exe (PID: 7676 cmdline: "C:\Users\user\Desktop\Xeno Executor.exe" MD5: 36517F5BFAE396A1D223E7491A3044CC)
    • Xeno Executor.exe (PID: 7756 cmdline: "C:\Users\user\Desktop\Xeno Executor.exe" MD5: 36517F5BFAE396A1D223E7491A3044CC)
  • cleanup
{"C2 url": "5.252.155.28", "anti_vm": true, "anti_dbg": true, "port": 15666, "build_name": "703", "self_destruct": true, "extensions": "none", "links": "none", "grabber_max_size": 1048576}
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security | |
| 00000007.00000002.2521297473.000001CF3AC59000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security | |
| Process Memory Space: Xeno Executor.exe PID: 7756 | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security | |
| Process Memory Space: Xeno Executor.exe PID: 7756 | JoeSecurity_CredGrabber | Yara detected CredGrabber | Joe Security | |
| Process Memory Space: Xeno Executor.exe PID: 7756 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 7.2.Xeno Executor.exe.140000000.0.raw.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security | |
| 7.2.Xeno Executor.exe.140000000.0.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security | |

No Sigma rule has matched

| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-08T02:12:18.874077+0100 | 2049441 | 1 | A Network Trojan was detected | 192.168.2.7 | 49701 | 5.252.155.28 | 15666 | TCP |
| 2024-12-08T02:12:18.874077+0100 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.7 | 49701 | 5.252.155.28 | 15666 | TCP |
| 2024-12-08T02:12:18.993941+0100 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.7 | 49701 | 5.252.155.28 | 15666 | TCP |
| 2024-12-08T02:12:18.874077+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.7 | 49701 | 5.252.155.28 | 15666 | TCP |
| 2024-12-08T02:12:18.993941+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.7 | 49701 | 5.252.155.28 | 15666 | TCP |

                AV Detection

                Source: 7.2.Xeno Executor.exe.140000000.0.raw.unpack | Malware Configuration Extractor: Meduza Stealer {"C2 url": "5.252.155.28", "anti_vm": true, "anti_dbg": true, "port": 15666, "build_name": "703", "self_destruct": true, "extensions": "none", "links": "none", "grabber_max_size": 1048576}
                Source: Xeno Executor.exe | ReversingLabs: Detection: 48%
                Source: Xeno Executor.exe | Virustotal: Detection: 58%
                Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.9% probability
                Source: Xeno Executor.exe | Joe Sandbox ML: detected
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_0000000140077BA0 CryptUnprotectData,LocalFree
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_0000000140078020 BCryptDecrypt,BCryptDecrypt
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_00000001400783C0 BCryptCloseAlgorithmProvider
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_0000000140078440 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,Concurrency::cancel_current_task
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_00000001400D5660 BCryptCloseAlgorithmProvider
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_00000001400D5688 BCryptSetProperty
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_0000000140033A30 BCryptDestroyKey
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_0000000140037C20 CryptUnprotectData,LocalFree
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_0000000140077EC0 CryptProtectData,LocalFree
                Source: unknown | HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.7:49702 version: TLS 1.2
                Source: Xeno Executor.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_00000001400BB500 FindClose,FindFirstFileExW,GetLastError
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_00000001400BB5B0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_00000001400D54A0 FindFirstFileExW
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_00000001400873F0 GetLogicalDriveStringsW
                Source: C:\Users\user\Desktop\Xeno Executor.exe | File opened: D:\sources\migration\
                Source: C:\Users\user\Desktop\Xeno Executor.exe | File opened: D:\sources\replacementmanifests\
                Source: C:\Users\user\Desktop\Xeno Executor.exe | File opened: D:\sources\migration\wtr\
                Source: C:\Users\user\Desktop\Xeno Executor.exe | File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
                Source: C:\Users\user\Desktop\Xeno Executor.exe | File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
                Source: C:\Users\user\Desktop\Xeno Executor.exe | File opened: D:\sources\replacementmanifests\hwvid-migration-2\

                Networking

                Source: Network traffic | Suricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.7:49701 -> 5.252.155.28:15666
                Source: Network traffic | Suricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.7:49701 -> 5.252.155.28:15666
                Source: global traffic | TCP traffic: 192.168.2.7:49701 -> 5.252.155.28:15666
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Accept: text/html; text/plain; */* | Host: api.ipify.org | Cache-Control: no-cache
                Source: Joe Sandbox View | IP Address: 104.26.13.205
                Source: Joe Sandbox View | ASN Name: WORLDSTREAMNL
                Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknown | DNS query: name: api.ipify.org
                Source: Network traffic | Suricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.7:49701 -> 5.252.155.28:15666
                Source: unknown | TCP traffic detected without corresponding DNS query: 5.252.155.28
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_0000000140085240 InternetOpenA,InternetOpenUrlA,HttpQueryInfoW,HttpQueryInfoW,InternetQueryDataAvailable,InternetReadFile,InternetQueryDataAvailable,InternetCloseHandle,Concurrency::cancel_current_task
                Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
                Source: unknown | Network traffic detected: HTTP traffic on port 49702 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49702
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_0000000140085B70 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_000000014008A430 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_00000001400D56F8 NtQuerySystemInformation
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_00000001400D5720 NtQueryObject
                Source: C:\Users\user\Desktop\Xeno Executor.exe | Code function: 7_2_0000000140089D30 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: String function: 000000014002E1D0 appears 33 times
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: String function: 0000000140036940 appears 41 times
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: String function: 00000001400486B0 appears 92 times
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: String function: 000000014002BA80 appears 32 times
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: String function: 0000000140098254 appears 34 times
                Source: Xeno Executor.exeStatic PE information: Number of sections : 11 > 10
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/0@1/2
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_000000014008B9B0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,7_2_000000014008B9B0
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_000000014003E610 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,7_2_000000014003E610
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_0000000140074D40 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,SysAllocStringByteLen,SysFreeString,SysAllocStringByteLen,SysFreeString,SysStringByteLen,SysStringByteLen,SysFreeString,SysFreeString,7_2_0000000140074D40
                Source: C:\Users\user\Desktop\Xeno Executor.exeMutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E6963857C1C36
                Source: Xeno Executor.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\Xeno Executor.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: Xeno Executor.exeReversingLabs: Detection: 48%
                Source: Xeno Executor.exeVirustotal: Detection: 58%
                Source: unknownProcess created: C:\Users\user\Desktop\Xeno Executor.exe "C:\Users\user\Desktop\Xeno Executor.exe"
                Source: C:\Users\user\Desktop\Xeno Executor.exeProcess created: C:\Users\user\Desktop\Xeno Executor.exe "C:\Users\user\Desktop\Xeno Executor.exe"
                Source: C:\Users\user\Desktop\Xeno Executor.exeProcess created: C:\Users\user\Desktop\Xeno Executor.exe "C:\Users\user\Desktop\Xeno Executor.exe"
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: apphelp.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: mpr.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: drprov.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: winsta.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: ntlanman.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: davclnt.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: davhlpr.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: wininet.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: rstrtmgr.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: mswsock.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: wldp.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: sspicli.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: iertutil.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: profapi.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: winhttp.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: winnsi.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: urlmon.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: srvcli.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: netutils.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: schannel.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: msasn1.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: dpapi.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: gpapi.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: vaultcli.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeSection loaded: wintypes.dll
                Source: C:\Users\user\Desktop\Xeno Executor.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                Source: C:\Users\user\Desktop\Xeno Executor.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                Source: Xeno Executor.exeStatic PE information: Image base 0x140000000 > 0x60000000
                Source: Xeno Executor.exeStatic file information: File size 4269056 > 1048576
                Source: Xeno Executor.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x38c000
                Source: Xeno Executor.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: Xeno Executor.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: Xeno Executor.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: Xeno Executor.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: Xeno Executor.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: Xeno Executor.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_000000014003D570 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,7_2_000000014003D570
                Source: Xeno Executor.exeStatic PE information: section name: .00cfg
                Source: Xeno Executor.exeStatic PE information: section name: .gxfg
                Source: Xeno Executor.exeStatic PE information: section name: .retplne
                Source: Xeno Executor.exeStatic PE information: section name: _RDATA
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_000000014004CAB2 push rdi; retf 0004h7_2_000000014004CAB5
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_000000014007C600 ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,7_2_000000014007C600
                Source: C:\Users\user\Desktop\Xeno Executor.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\Xeno Executor.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\Xeno Executor.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_7-67696
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_00000001400BB500 FindClose,FindFirstFileExW,GetLastError,7_2_00000001400BB500
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_00000001400BB5B0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,7_2_00000001400BB5B0
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_00000001400D54A0 FindFirstFileExW,7_2_00000001400D54A0
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_00000001400873F0 GetLogicalDriveStringsW,7_2_00000001400873F0
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_0000000140099038 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,7_2_0000000140099038
                Source: C:\Users\user\Desktop\Xeno Executor.exeFile opened: D:\sources\migration\
                Source: C:\Users\user\Desktop\Xeno Executor.exeFile opened: D:\sources\replacementmanifests\
                Source: C:\Users\user\Desktop\Xeno Executor.exeFile opened: D:\sources\migration\wtr\
                Source: C:\Users\user\Desktop\Xeno Executor.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
                Source: C:\Users\user\Desktop\Xeno Executor.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
                Source: C:\Users\user\Desktop\Xeno Executor.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\
                Source: Xeno Executor.exeBinary or memory string: VBoxGuest
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                Source: Xeno Executor.exeBinary or memory string: VBoxMouse
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
                Source: Xeno Executor.exeBinary or memory string: VBoxTray
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696492231s
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696492231
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696492231
                Source: Xeno Executor.exe, 00000007.00000003.1331055519.000001CF3ACD6000.00000004.00000020.00020000.00000000.sdmp, Xeno Executor.exe, 00000007.00000002.2521297473.000001CF3ACD9000.00000004.00000020.00020000.00000000.sdmp, Xeno Executor.exe, 00000007.00000003.1346884496.000001CF3ACD9000.00000004.00000020.00020000.00000000.sdmp, Xeno Executor.exe, 00000007.00000003.1346449596.000001CF3ACD9000.00000004.00000020.00020000.00000000.sdmp, Xeno Executor.exe, 00000007.00000003.1347973430.000001CF3ACD9000.00000004.00000020.00020000.00000000.sdmp, Xeno Executor.exe, 00000007.00000003.1349929772.000001CF3ACD9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW8g
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                Source: Xeno Executor.exe, 00000007.00000003.1331055519.000001CF3ACD6000.00000004.00000020.00020000.00000000.sdmp, Xeno Executor.exe, 00000007.00000002.2521297473.000001CF3ACD9000.00000004.00000020.00020000.00000000.sdmp, Xeno Executor.exe, 00000007.00000003.1346884496.000001CF3ACD9000.00000004.00000020.00020000.00000000.sdmp, Xeno Executor.exe, 00000007.00000003.1346449596.000001CF3ACD9000.00000004.00000020.00020000.00000000.sdmp, Xeno Executor.exe, 00000007.00000003.1347973430.000001CF3ACD9000.00000004.00000020.00020000.00000000.sdmp, Xeno Executor.exe, 00000007.00000003.1349929772.000001CF3ACD9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696492231t
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696492231f
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696492231j
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                Source: Xeno Executor.exeBinary or memory string: VBoxMRXNP
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696492231x
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696492231o
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                Source: Xeno Executor.exe, 00000007.00000002.2521297473.000001CF3AC59000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW k
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                Source: Xeno Executor.exeBinary or memory string: VBoxHook
                Source: Xeno Executor.exeBinary or memory string: VBoxSF
                Source: Xeno Executor.exe, 00000007.00000003.1346970475.000001CF3D71A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                Source: C:\Users\user\Desktop\Xeno Executor.exeAPI call chain: ExitProcess graph end nodegraph_7-67646
                Source: C:\Users\user\Desktop\Xeno Executor.exeAPI call chain: ExitProcess graph end nodegraph_7-67641
                Source: C:\Users\user\Desktop\Xeno Executor.exeSystem information queried: ModuleInformation
                Source: C:\Users\user\Desktop\Xeno Executor.exeProcess information queried: ProcessInformation
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_000000014008A430 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,7_2_000000014008A430
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_00000001400AF2B8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00000001400AF2B8
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_00000001400BD804 GetLastError,IsDebuggerPresent,OutputDebugStringW,7_2_00000001400BD804
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_000000014003D570 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,7_2_000000014003D570
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_00000001400A9EEC GetProcessHeap,7_2_00000001400A9EEC
                Source: C:\Users\user\Desktop\Xeno Executor.exeProcess token adjusted: Debug
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_00000001400AF2B8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00000001400AF2B8
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_00000001400D52E0 SetUnhandledExceptionFilter,7_2_00000001400D52E0
                Source: C:\Users\user\Desktop\Xeno Executor.exeCode function: 7_2_0000000140097F68 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_0000000140097F68

                HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\Xeno Executor.exe, Memory written: C:\Users\user\Desktop\Xeno Executor.exe base: 140000000 value starts with: 4D5A
Source: C:\Users\user\Desktop\Xeno Executor.exe, Thread register set: target process: 7756
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: 7_2_000000014007B420 ShellExecuteW,7_2_000000014007B420
Source: C:\Users\user\Desktop\Xeno Executor.exe, Process created: C:\Users\user\Desktop\Xeno Executor.exe "C:\Users\user\Desktop\Xeno Executor.exe"
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: 7_2_00000001400ADF10 cpuid 7_2_00000001400ADF10
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: GetLocaleInfoW,7_2_000000014009E020
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: EnumSystemLocalesW,7_2_00000001400A9030
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,7_2_00000001400A90C8
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: GetLocaleInfoEx,FormatMessageA,7_2_00000001400BB170
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: GetLocaleInfoW,7_2_00000001400A9310
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: GetLocaleInfoW,7_2_00000001400D53A0
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_00000001400A9468
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: GetLocaleInfoW,7_2_00000001400A9518
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_00000001400A964C
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: EnumSystemLocalesW,7_2_000000014009DAE0
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,7_2_00000001400A8C04
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: EnumSystemLocalesW,7_2_00000001400A8F60
Source: C:\Users\user\Desktop\Xeno Executor.exe, Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\Xeno Executor.exe, Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: 5_2_00007FF6E3E2FDE4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,5_2_00007FF6E3E2FDE4
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: 7_2_0000000140086150 GetUserNameW,7_2_0000000140086150
Source: C:\Users\user\Desktop\Xeno Executor.exe, Code function: 7_2_00000001400876A0 GetTimeZoneInformation,7_2_00000001400876A0

                Stealing of Sensitive Information

Source: Yara match, File source: Process Memory Space: Xeno Executor.exe PID: 7756, type: MEMORYSTR
Source: Yara match, File source: 7.2.Xeno Executor.exe.140000000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 7.2.Xeno Executor.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000007.00000002.2521297473.000001CF3AC59000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: Xeno Executor.exe PID: 7756, type: MEMORYSTR
Source: Xeno Executor.exe, 00000007.00000002.2521297473.000001CF3AC59000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: Electrum-LTC\config
Source: Xeno Executor.exe, 00000007.00000002.2521297473.000001CF3AC59000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: ElectronCash\config
Source: Xeno Executor.exe, 00000007.00000002.2521297473.000001CF3AC59000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: Exodus\exodus.wallet
Source: Xeno Executor.exe, 00000007.00000002.2521297473.000001CF3AC59000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: Ethereum\keystore
Source: C:\Users\user\Desktop\Xeno Executor.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
Source: C:\Users\user\Desktop\Xeno Executor.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\Xeno Executor.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: Yara match, File source: Process Memory Space: Xeno Executor.exe PID: 7756, type: MEMORYSTR

                Remote Access Functionality

Source: Yara match, File source: Process Memory Space: Xeno Executor.exe PID: 7756, type: MEMORYSTR
Source: Yara match, File source: 7.2.Xeno Executor.exe.140000000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 7.2.Xeno Executor.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000007.00000002.2521297473.000001CF3AC59000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: Xeno Executor.exe PID: 7756, type: MEMORYSTR
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 2 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Access Token Manipulation | 1 DLL Side-Loading | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 211 Process Injection | 1 Access Token Manipulation | NTDS | 35 System Information Discovery | Distributed Component Object Model | 1 Email Collection | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 211 Process Injection | LSA Secrets | 1 Query Registry | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 31 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| Xeno Executor.exe | 49% | ReversingLabs | Win64.Trojan.MeduzaStealer |
| Xeno Executor.exe | 58% | Virustotal | |
| Xeno Executor.exe | 100% | Joe Sandbox ML | |

No Antivirus matches
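| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| api.ipify.org | 104.26.13.205 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://api.ipify.org/ | false | | high |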
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 5.252.155.28 | unknown | Russian Federation | 49981 | WORLDSTREAMNL | true |
| 104.26.13.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1570765
Start date and time: 2024-12-08 02:11:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 7s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Xeno Executor.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@3/0@1/2
                                                              EGA Information:
                                                              • Successful, ratio: 50%
                                                              HCA Information:
                                                              • Successful, ratio: 64%
                                                              • Number of executed functions: 76
                                                              • Number of non-executed functions: 111
                                                              Cookbook Comments:
                                                              • Found application associated with file extension: .exe
                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                              • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                              • Execution Graph export aborted for target Xeno Executor.exe, PID 7676 because there are no executed function
                                                              • Not all processes where analyzed, report is missing behavior information
                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                              • Report size exceeded maximum capacity and may have missing network information.
                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                              No simulations
| Match | Associated Sample Name / URL | Detection | Threat Name |
|---|---|---|---|
| 5.252.155.28 | file.exe | malicious | Amadey, CredGrabber, LummaC Stealer, Meduza Stealer, Stealc, Vidar |
| 5.252.155.28 | file.exe | malicious | CredGrabber, Meduza Stealer |
                                                                  104.26.13.205BiXS3FRoLe.exeGet hashmaliciousTrojanRansomBrowse
                                                                  • api.ipify.org/
                                                                  lEUy79aLAW.exeGet hashmaliciousTrojanRansomBrowse
                                                                  • api.ipify.org/
                                                                  Simple1.exeGet hashmaliciousUnknownBrowse
                                                                  • api.ipify.org/
                                                                  2b7cu0KwZl.exeGet hashmaliciousUnknownBrowse
                                                                  • api.ipify.org/
                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                  • api.ipify.org/
                                                                  file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                  • api.ipify.org/
                                                                  file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                  • api.ipify.org/
                                                                  file.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                  • api.ipify.org/
                                                                  Prismifyr-Install.exeGet hashmaliciousNode StealerBrowse
                                                                  • api.ipify.org/
                                                                  file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                  • api.ipify.org/
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| api.ipify.org | file.exe | malicious | Amadey, CredGrabber, LummaC Stealer, Meduza Stealer, Stealc, Vidar | 172.67.74.152 |
| | file.exe | malicious | CredGrabber, Meduza Stealer | 104.26.12.205 |
| | malware.exe | malicious | Targeted Ransomware, TrojanRansom | 172.67.74.152 |
| | Overdue_payment.pdf.exe | malicious | AgentTesla | 172.67.74.152 |
| | TECHNICAL SPECIFICATIONS.exe | malicious | AgentTesla | 104.26.12.205 |
| | Shipping Documents 72908672134.exe | malicious | AgentTesla | 104.26.13.205 |
| | 980001672 PPR for 30887217.scr.exe | malicious | AgentTesla | 172.67.74.152 |
| | y1rS62yprs.exe | malicious | Babadeda | 104.26.13.205 |
| | apilibx64.exe | malicious | CredGrabber, Meduza Stealer | 104.26.12.205 |
| | xKvkNk9SXR.exe | malicious | TrojanRansom | 104.26.12.205 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| CLOUDFLARENETUS | Delta.exe | malicious | LummaC Stealer | 104.21.16.9 |
| | file.exe | malicious | LummaC Stealer | 172.67.165.166 |
| | Setup.exe | malicious | LummaC Stealer | 104.21.36.51 |
| | 'Set-up.exe | malicious | LummaC Stealer | 172.67.185.163 |
| | Setup.exe | malicious | LummaC Stealer | 104.21.24.90 |
| | Setup.exe | malicious | LummaC Stealer | 172.67.185.163 |
| | meerkat.mips.elf | malicious | Mirai | 8.44.96.113 |
| | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar | 172.67.165.166 |
| | file.exe | malicious | LummaC Stealer | 104.21.16.9 |
| | file.exe | malicious | LummaC Stealer | 172.67.165.166 |
| WORLDSTREAMNL | file.exe | malicious | Amadey, CredGrabber, LummaC Stealer, Meduza Stealer, Stealc, Vidar | 5.252.155.28 |
| | file.exe | malicious | CredGrabber, Meduza Stealer | 5.252.155.28 |
| | spc.elf | malicious | Mirai | 213.108.199.252 |
| | https://kbprinters.com/serviciodecorreo/login | malicious | Unknown | 217.23.10.192 |
| | Payload 94.75.225.exe | malicious | Unknown | 194.88.105.30 |
| | 1Zp7qa5zFD.exe | malicious | AsyncRAT | 89.39.106.35 |
| | nabx86.elf | malicious | Unknown | 45.139.57.89 |
| | SecuriteInfo.com.Trojan.DownLoader25.33926.32281.13140.exe | malicious | Unknown | 109.236.88.70 |
| | SecuriteInfo.com.Trojan.DownLoader25.33926.32281.13140.exe | malicious | Unknown | 109.236.88.70 |
| | sj9eYmr725.exe | malicious | Quasar | 185.177.125.198 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| 37f463bf4616ecd445d4a1937da06e19 | file.exe | malicious | Amadey, CredGrabber, LummaC Stealer, Meduza Stealer, Stealc, Vidar | 104.26.13.205 |
| | file.exe | malicious | CredGrabber, Meduza Stealer | 104.26.13.205 |
| | malware.exe | malicious | Targeted Ransomware, TrojanRansom | 104.26.13.205 |
| | INQUIRY REQUEST AND PRICES_pdf.exe | malicious | GuLoader, MassLogger RAT | 104.26.13.205 |
| | Bank Swift and SOA PRN00720031415453_pdf.exe | malicious | GuLoader, MassLogger RAT | 104.26.13.205 |
| | RFQ Order list #2667747.exe | malicious | GuLoader, MassLogger RAT | 104.26.13.205 |
| | Payment Details Ref#577767.exe | malicious | GuLoader, MassLogger RAT | 104.26.13.205 |
| | IBAN Payment confirmation.exe | malicious | GuLoader, MassLogger RAT | 104.26.13.205 |
| | AdminAccounts.aspx.dll | malicious | Matanbuchus | 104.26.13.205 |
| | AdminAccounts.aspx.dll | malicious | Matanbuchus | 104.26.13.205 |
                                                                  No context
                                                                  No created / dropped files found
                                                                  File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                  Entropy (8bit):5.07543770420625
                                                                  TrID:
                                                                  • Win64 Executable GUI (202006/5) 92.65%
                                                                  • Win64 Executable (generic) (12005/4) 5.51%
                                                                  • Generic Win/DOS Executable (2004/3) 0.92%
                                                                  • DOS Executable Generic (2002/1) 0.92%
                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                  File name:Xeno Executor.exe
                                                                  File size:4'269'056 bytes
                                                                  MD5:36517f5bfae396a1d223e7491a3044cc
                                                                  SHA1:591a20349741340b21e0d3ea7d70a7df4043e925
                                                                  SHA256:e5d7e8537578b6c2f2ad9d842c51fcda0535c82b4e84c52537afe852687aa5f2
                                                                  SHA512:23dac5a4cca030209d9e35ba04bf0388aa0088d5e7ba4020978e77e1eeefe7f70be60bd8ccdfb81732523b726b225c6df48d005857f5b4424ec3df52f13b6394
                                                                  SSDEEP:49152:Xl4UjB0jUuB5ykrT/v+Qcr9tF3Vm2Jzd8SgN1IRA:14UjKguKA
                                                                  TLSH:3716E067E94078FED874903489970777A63BB480873287DB2698162A5E5BBD42F3FF40
                                                                  File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...r_@g.........."...........9................@..............................A...........`........................................
                                                                  Icon Hash:00928e8e8686b000
                                                                  Entrypoint:0x14004fdd0
                                                                  Entrypoint Section:.text
                                                                  Digitally signed:false
                                                                  Imagebase:0x140000000
                                                                  Subsystem:windows gui
                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                  Time Stamp:0x67405F72 [Fri Nov 22 10:39:46 2024 UTC]
                                                                  TLS Callbacks:
                                                                  CLR (.Net) Version:
                                                                  OS Version Major:6
                                                                  OS Version Minor:0
                                                                  File Version Major:6
                                                                  File Version Minor:0
                                                                  Subsystem Version Major:6
                                                                  Subsystem Version Minor:0
                                                                  Import Hash:ce5eab935d79deb808c783e73ea12cf9
                                                                  Instruction
                                                                  dec eax
                                                                  sub esp, 28h
                                                                  call 00007F80DD3ABE40h
                                                                  dec eax
                                                                  add esp, 28h
                                                                  jmp 00007F80DD3ABCAFh
                                                                  int3
                                                                  int3
                                                                  dec eax
                                                                  mov dword ptr [esp+18h], ebx
                                                                  push ebp
                                                                  dec eax
                                                                  mov ebp, esp
                                                                  dec eax
                                                                  sub esp, 30h
                                                                  dec eax
                                                                  mov eax, dword ptr [003B7248h]
                                                                  dec eax
                                                                  mov ebx, 2DDFA232h
                                                                  cdq
                                                                  sub eax, dword ptr [eax]
                                                                  add byte ptr [eax+3Bh], cl
                                                                  ret
                                                                  jne 00007F80DD3ABEA6h
                                                                  dec eax
                                                                  and dword ptr [ebp+10h], 00000000h
                                                                  dec eax
                                                                  lea ecx, dword ptr [ebp+10h]
                                                                  call dword ptr [003AC582h]
                                                                  dec eax
                                                                  mov eax, dword ptr [ebp+10h]
                                                                  dec eax
                                                                  mov dword ptr [ebp-10h], eax
                                                                  call dword ptr [003AC4D4h]
                                                                  mov eax, eax
                                                                  dec eax
                                                                  xor dword ptr [ebp-10h], eax
                                                                  call dword ptr [003AC4C0h]
                                                                  mov eax, eax
                                                                  dec eax
                                                                  lea ecx, dword ptr [ebp+18h]
                                                                  dec eax
                                                                  xor dword ptr [ebp-10h], eax
                                                                  call dword ptr [003AC630h]
                                                                  mov eax, dword ptr [ebp+18h]
                                                                  dec eax
                                                                  lea ecx, dword ptr [ebp-10h]
                                                                  dec eax
                                                                  shl eax, 20h
                                                                  dec eax
                                                                  xor eax, dword ptr [ebp+18h]
                                                                  dec eax
                                                                  xor eax, dword ptr [ebp-10h]
                                                                  dec eax
                                                                  xor eax, ecx
                                                                  dec eax
                                                                  mov ecx, FFFFFFFFh
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3fbdb8 | 0x50 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x419000 | 0x1a8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x40b000 | 0x6594 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x41a000 | 0x1e18 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x3efd80 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xe60a0 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x3fc1e0 | 0x3d8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| .text | 0x1000 | 0x79116 | 0x79200 | 101fd131b38e4fd5c4b31887d7ad38f3 | False | 0.49460421504127966 | data | 6.44155671990377 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x7b000 | 0x38bebc | 0x38c000 | 160cc843cdb283940f2f610c7cff832f | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x407000 | 0x36f8 | 0x1c00 | 7568d2f08f4ac81dae4d5e33ab60923a | False | 0.17047991071428573 | zlib compressed data | 3.5531018656709605 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x40b000 | 0x6594 | 0x6600 | 496dfa0147e7c873a9f17489df23c1fc | False | 0.4821155024509804 | data | 5.74343672787325 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .00cfg | 0x412000 | 0x38 | 0x200 | 7c2bb310d1981b513910f4cc9c8721d1 | False | 0.0703125 | data | 0.4879996533427816 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .gxfg | 0x413000 | 0x2200 | 0x2200 | a3fb3e1da377202334d413fbe0e439a4 | False | 0.4314108455882353 | data | 5.230691552229934 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .retplne | 0x416000 | 0x8c | 0x200 | 8c950f651287cbc1296bcb4e8cd7e990 | False | 0.126953125 | data | 1.050583247971927 | |
| .tls | 0x417000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| _RDATA | 0x418000 | 0x1f4 | 0x200 | d5aa635e227a5741f7ba58c4dba5b19f | False | 0.525390625 | data | 4.216026285396426 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x419000 | 0x1a8 | 0x200 | d38b4cd68eb239a7aa6a06b6f8091e1d | False | 0.484375 | data | 4.179663701400347 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x41a000 | 0x1e18 | 0x2000 | 6ea7154105c61bbadcf24404b7fcf3ec | False | 0.6947021484375 | data | 6.375630824063806 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_MANIFEST | 0x419060 | 0x143 | XML 1.0 document, ASCII text | English | United States | 0.628482972136223 |
| DLL | Import |
| USER32.dll | GetRawInputDeviceInfoW, GetRawInputDeviceList |
| KERNEL32.dll | AcquireSRWLockExclusive, AreFileApisANSI, CloseHandle, CreateFileMappingW, CreateFileW, CreateProcessA, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, FindClose, FindFirstFileExW, FindFirstFileW, FindNextFileW, FlsAlloc, FlsFree, FlsGetValue, FlsSetValue, FlushFileBuffers, FormatMessageA, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileAttributesExW, GetFileInformationByHandleEx, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoEx, GetLocaleInfoW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemInfo, GetSystemTimeAsFileTime, GetThreadContext, GetUserDefaultLCID, GlobalAlloc, GlobalFree, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, K32EnumDeviceDrivers, K32GetDeviceDriverBaseNameW, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LocalFree, MapViewOfFile, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReadProcessMemory, ReleaseSRWLockExclusive, ResumeThread, RtlCaptureContext, RtlLookupFunctionEntry, RtlPcToFileHeader, RtlUnwind, RtlUnwindEx, RtlVirtualUnwind, SetFilePointerEx, SetLastError, SetStdHandle, SetThreadContext, SetUnhandledExceptionFilter, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, UnmapViewOfFile, VirtualAlloc, VirtualAllocEx, VirtualFree, VirtualProtect, VirtualQuery, VirtualQueryEx, WideCharToMultiByte, WriteConsoleW, WriteFile, WriteProcessMemory |
| MPR.dll | WNetCloseEnum, WNetEnumResourceA, WNetOpenEnumA |
| Language of compilation system | Country where language is spoken |
| English | United States |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| 2024-12-08T02:12:18.874077+0100 | 2049441 | ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt | 1 | 192.168.2.7 | 49701 | 5.252.155.28 | 15666 | TCP |
| 2024-12-08T02:12:18.874077+0100 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.7 | 49701 | 5.252.155.28 | 15666 | TCP |
| 2024-12-08T02:12:18.874077+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.7 | 49701 | 5.252.155.28 | 15666 | TCP |
| 2024-12-08T02:12:18.993941+0100 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.7 | 49701 | 5.252.155.28 | 15666 | TCP |
| 2024-12-08T02:12:18.993941+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.7 | 49701 | 5.252.155.28 | 15666 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                  Dec 8, 2024 02:12:19.117156982 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.117213011 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.117913961 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.117971897 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.234483957 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.234524012 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.234584093 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.234592915 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.234646082 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.234669924 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.234723091 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.234734058 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.234782934 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.234787941 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.234833956 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.235419035 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.235485077 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.235541105 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.235553026 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.235615969 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.235650063 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.235673904 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.235699892 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.236500025 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.236541986 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.236551046 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.236582041 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.236594915 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.236604929 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.236649036 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.236691952 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.236746073 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.236747980 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.236788034 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.236860037 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.236900091 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.236910105 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.236948013 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.237018108 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.237027884 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.237081051 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.237133026 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.237159967 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.237190962 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.237209082 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.237643957 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.237664938 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.237696886 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.237711906 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.237737894 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.237790108 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.237801075 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.237838030 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.354020119 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354136944 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.354163885 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354197979 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354240894 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.354291916 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354301929 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354337931 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354379892 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354397058 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.354432106 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.354490995 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354501009 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354538918 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.354557991 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354562998 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.354568005 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354671001 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354681015 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354712963 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.354732990 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.354743958 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354754925 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354795933 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.354809046 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.354851961 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354892969 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354923010 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.354937077 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.354949951 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354990959 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.354991913 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.355047941 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.355096102 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355112076 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355123997 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355144978 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.355158091 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355178118 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.355195999 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.355235100 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355302095 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355361938 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.355367899 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355396986 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355442047 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355451107 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.355489969 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.355499029 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355562925 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355571985 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355624914 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.355684996 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355695009 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355755091 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.355772972 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355782986 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355813026 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.355839014 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.355866909 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.355966091 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356025934 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356065035 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356079102 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.356117964 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.356120110 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356194973 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356240034 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.356242895 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356261015 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356286049 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.356311083 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.356338024 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356348038 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356399059 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.356404066 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356416941 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356467962 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.356523991 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356534004 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356583118 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.356645107 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356656075 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356688976 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356703043 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.356712103 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356765985 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.356806040 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356816053 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356867075 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.356877089 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356925011 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.356976032 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.357047081 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.357057095 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.357110977 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.357110977 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.357122898 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.357166052 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.357193947 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.357235909 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.357269049 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.357299089 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.357304096 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.357358932 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.357399940 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.357409954 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.357444048 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.357460022 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.357480049 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.357490063 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.357539892 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.474589109 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.474598885 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.474644899 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.474716902 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.474754095 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.475116968 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.475167990 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.475214005 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.475224972 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.475274086 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.475307941 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.475332022 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.475348949 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.475383997 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.475421906 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.475433111 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.475477934 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.475483894 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.475493908 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.475539923 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.475902081 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.475909948 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.475954056 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.475961924 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.476027012 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.476094007 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.476142883 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.476468086 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.476478100 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.476511002 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.476521015 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.476558924 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.477272034 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.477294922 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.477332115 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.477333069 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.477349997 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.477366924 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.477655888 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.477675915 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.477705002 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.477720976 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.477777004 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.477804899 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.596882105 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.596899033 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.596966028 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.596975088 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597017050 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.597023010 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597068071 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.597182989 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597193003 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597233057 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.597254992 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597306013 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.597313881 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597325087 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597335100 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597352982 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.597373962 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.597440958 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597455978 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597480059 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.597481012 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597491980 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597508907 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.597526073 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.597537041 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.597611904 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597621918 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597661972 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.597703934 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597714901 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597728968 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597747087 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597764969 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.597795010 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.597805023 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597815037 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597856998 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.597887039 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597939968 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.597970963 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597987890 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.597996950 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598018885 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.598042965 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.598154068 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598162889 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598182917 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598203897 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.598229885 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.598289013 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598309040 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598319054 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598346949 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.598361969 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.598371983 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598411083 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.598484039 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598494053 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598534107 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.598557949 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598568916 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598577976 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598609924 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.598630905 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.598656893 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598666906 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598711967 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.598766088 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598774910 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598783016 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598822117 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.598867893 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598879099 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598889112 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598970890 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.598973989 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598985910 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.598997116 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599005938 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599020004 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599035025 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599050045 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599076033 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599086046 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599128008 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599179029 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599190950 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599214077 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599220037 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599224091 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599245071 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599252939 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599253893 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599275112 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599298954 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599318027 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599344015 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599406004 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599416018 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599450111 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599457979 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599468946 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599497080 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599515915 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599522114 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599534035 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599577904 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599622011 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599673986 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599684954 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599697113 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599708080 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599724054 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599750042 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599801064 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599811077 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599827051 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599874973 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.599981070 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.599989891 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.600053072 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.600081921 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.600094080 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.600116968 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.600128889 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.600140095 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.600151062 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.600167990 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.600181103 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.600217104 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.600227118 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.600275993 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.600311041 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.600352049 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.600362062 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.600366116 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.600399971 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.600402117 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.600445032 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.600471973 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.600517988 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.601165056 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.601175070 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.601217031 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.601259947 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.601269960 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.601313114 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.601322889 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.601356983 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.601366043 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.601387024 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.601422071 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.601464987 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.601511002 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.601521015 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.601530075 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.601557970 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.601572990 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.601598024 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.601649046 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.601706028 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.601716042 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.601720095 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.601771116 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.602045059 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.602089882 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.602231979 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.602256060 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.602267027 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.602278948 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.602293968 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.602313042 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.602322102 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.602354050 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.602365017 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.602369070 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.602411032 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.602524996 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.602535009 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.602567911 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.602583885 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.602598906 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.602608919 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.602636099 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.602663994 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.602679968 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.603949070 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.604001045 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.604041100 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.604089022 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.604099035 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.604150057 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.604161978 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.604198933 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.604206085 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.604245901 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.604266882 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.604310036 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.604335070 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.604351044 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.604367971 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.604382038 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.604403019 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.604422092 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.604433060 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.604473114 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.604491949 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.604532957 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.604542971 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.718386889 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.718408108 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.718409061 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.718426943 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.718444109 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.718558073 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.718604088 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.718672037 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.718719959 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.718796968 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.718839884 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.718879938 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.718924046 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.719003916 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.719012976 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.719059944 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.719125032 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.719146967 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.719182014 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.719201088 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.719228983 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.719276905 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.719338894 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.719387054 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.719464064 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.719505072 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.719536066 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.719583988 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.719607115 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.719661951 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.719664097 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.719703913 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.719713926 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.719750881 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.719829082 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.719840050 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.719847918 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.719888926 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.719903946 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.719921112 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.719932079 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.719969988 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.720009089 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.720053911 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.720244884 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.720253944 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.720263004 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.720283031 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.720307112 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.720354080 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.720362902 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.720405102 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.720422983 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.720433950 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.720469952 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.720572948 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.720582962 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.720623016 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.720647097 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.720690966 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.720721960 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.720767021 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.720814943 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.720832109 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.720876932 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.720937967 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.720964909 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.720984936 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.721014023 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.721035957 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721046925 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721081972 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721088886 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.721129894 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.721173048 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721183062 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721193075 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721216917 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.721241951 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.721281052 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721291065 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721333981 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.721362114 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721381903 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721411943 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.721436977 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.721462965 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721509933 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.721556902 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721565962 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721596956 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.721604109 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721615076 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.721652031 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.721764088 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721776962 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721821070 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.721875906 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.721925020 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722014904 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722023964 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722033024 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722068071 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722089052 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722119093 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722129107 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722181082 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722213030 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722235918 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722274065 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722284079 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722292900 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722321987 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722338915 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722342014 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722356081 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722382069 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722393036 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722469091 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722480059 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722512960 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722526073 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722532034 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722547054 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722557068 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722580910 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722605944 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722640038 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722650051 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722661018 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722676992 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722698927 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722714901 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722775936 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722786903 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722795963 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722805023 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722827911 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722858906 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.722955942 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722965956 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722975969 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722986937 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.722996950 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723012924 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723042011 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723069906 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723079920 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723089933 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723121881 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723143101 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723222017 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723232985 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723242044 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723257065 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723267078 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723308086 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723310947 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723350048 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723417997 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723431110 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723442078 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723459959 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723474026 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723493099 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723534107 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723576069 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723615885 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723627090 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723651886 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723658085 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723676920 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723697901 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723777056 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723823071 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723886967 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723897934 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723906994 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723932028 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723937988 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723942041 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.723954916 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.723989010 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.724037886 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.724082947 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.724179029 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.724190950 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.724199057 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.724226952 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.724241972 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.724296093 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.724308014 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.724345922 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.724381924 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.724427938 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.724462032 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.724473000 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.724512100 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.724525928 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.724564075 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.724592924 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.724608898 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.724634886 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.724647999 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.724657059 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.724668026 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.724704027 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.724864006 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.724896908 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838304996 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838315010 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838357925 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.838409901 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838418961 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838459015 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.838481903 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.838501930 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838511944 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838555098 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.838558912 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838581085 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838602066 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.838624954 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.838695049 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838710070 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838747978 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.838814974 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838824034 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838831902 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838860035 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838867903 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838871002 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.838900089 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.838913918 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.838939905 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838948965 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838984966 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.838992119 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839029074 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839040995 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839060068 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839081049 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839098930 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839117050 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839144945 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839168072 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839184046 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839205027 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839215040 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839253902 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839257002 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839306116 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839359999 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839370012 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839412928 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839442015 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839489937 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839502096 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839510918 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839559078 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839560032 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839608908 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839636087 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839647055 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839672089 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839678049 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839701891 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839718103 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839744091 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839778900 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839797020 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839812994 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839857101 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839883089 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839891911 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839900017 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839922905 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839934111 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.839943886 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839987040 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.839987040 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.840029955 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.840035915 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840075016 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.840112925 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840157032 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.840181112 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840189934 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840229034 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.840266943 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840317011 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.840328932 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840364933 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840373039 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.840409040 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.840415001 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840459108 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.840488911 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840533018 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.840548038 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840590000 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840595961 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.840636015 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.840665102 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840709925 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840709925 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.840739965 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840758085 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.840775967 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.840807915 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840856075 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.840945005 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840955019 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840965033 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840972900 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.840993881 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.841017008 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.841068029 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841077089 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841084003 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841094017 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841118097 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.841139078 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.841164112 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841214895 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.841253996 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841263056 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841295958 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841304064 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.841305017 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841346979 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.841403008 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841412067 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841466904 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.841506004 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841562033 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.841602087 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841645956 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.841686010 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841695070 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841732979 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.841743946 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841784000 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.841829062 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841839075 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841857910 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841873884 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.841895103 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.841902971 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.841928959 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841938019 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.841980934 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.841990948 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842036009 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842094898 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842103004 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842133999 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842137098 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842158079 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842169046 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842196941 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842231035 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842242002 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842272997 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842338085 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842346907 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842366934 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842391968 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842397928 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842411041 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842428923 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842494011 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842519045 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842533112 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842550039 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842567921 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842577934 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842580080 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842636108 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842700958 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842710972 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842740059 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842757940 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842781067 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842804909 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842817068 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842840910 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842856884 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842889071 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842901945 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842911005 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.842946053 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.842986107 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.843030930 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.843034029 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.843060017 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.843071938 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.843082905 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.843103886 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.843117952 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.843131065 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.843174934 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.843214989 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.843247890 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.843261957 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.843277931 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.843334913 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.843343973 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.843381882 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.843400955 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.843444109 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.843571901 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.843585968 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.843604088 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.843619108 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.843624115 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.843627930 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.843641043 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.852180958 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.852235079 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.852243900 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.852253914 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.852288961 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.852297068 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.852308035 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.852335930 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.852338076 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.852355957 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.852374077 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.852385998 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.852433920 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.852447987 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.852489948 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.852588892 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.852598906 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.852608919 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.852642059 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.852683067 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.852720976 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.852756023 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.852804899 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.852942944 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.852952957 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.852993965 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853037119 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853081942 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853152037 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853166103 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853189945 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853194952 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853214979 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853233099 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853281021 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853296995 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853307962 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853327036 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853348017 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853427887 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853437901 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853446007 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853461027 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853470087 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853477955 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853497982 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853508949 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853625059 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853635073 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853642941 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853656054 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853688002 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853704929 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853732109 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853743076 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853753090 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853775024 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853794098 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853852034 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853862047 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853873014 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853890896 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853900909 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853902102 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853918076 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853946924 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.853988886 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.853997946 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.854038954 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.854461908 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.854470968 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.854511976 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.888890028 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.889091015 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.889278889 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.889353037 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.889417887 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.889482975 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.889537096 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.889591932 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.929368019 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.929523945 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.929609060 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.966958046 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.967037916 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.967142105 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.967144012 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.967184067 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.967294931 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.967336893 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.967398882 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.967426062 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.967485905 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.967494965 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.967551947 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.967551947 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.967603922 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.967679024 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.967716932 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.967736959 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.967796087 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.967817068 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.967868090 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.967890978 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.967926025 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.967953920 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:19.967973948 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.968040943 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.968101978 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.968153000 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.968204975 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.968264103 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.968314886 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.968389034 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.968439102 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.968502045 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.968530893 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:19.968563080 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.008743048 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:20.008961916 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.009223938 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.009299040 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.009373903 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.009432077 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.009494066 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.009569883 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.009628057 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.009694099 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.009726048 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.048940897 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:20.049091101 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.049191952 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.049256086 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.049312115 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.049344063 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.084160089 CET15666497015.252.155.28192.168.2.7
                                                                  Dec 8, 2024 02:12:20.084400892 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.084498882 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.084568977 CET4970115666192.168.2.75.252.155.28
                                                                  Dec 8, 2024 02:12:20.084639072 CET4970115666192.168.2.75.252.155.28
                                                                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                  Dec 8, 2024 02:12:10.533164978 CET | 192.168.2.7 | 1.1.1.1 | 0x390b | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
                                                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                  Dec 8, 2024 02:12:10.669888020 CET | 1.1.1.1 | 192.168.2.7 | 0x390b | No error (0) | api.ipify.org |  | 104.26.13.205 | A (IP address) | IN (0x0001) | false
                                                                  Dec 8, 2024 02:12:10.669888020 CET | 1.1.1.1 | 192.168.2.7 | 0x390b | No error (0) | api.ipify.org |  | 172.67.74.152 | A (IP address) | IN (0x0001) | false
                                                                  Dec 8, 2024 02:12:10.669888020 CET | 1.1.1.1 | 192.168.2.7 | 0x390b | No error (0) | api.ipify.org |  | 104.26.12.205 | A (IP address) | IN (0x0001) | false
                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  0 | 192.168.2.7 | 49702 | 104.26.13.205 | 443 | 7756 | C:\Users\user\Desktop\Xeno Executor.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-08 01:12:12 UTC | 100 | OUT | GET / HTTP/1.1
                                                                  Accept: text/html; text/plain; */*
                                                                  Host: api.ipify.org
                                                                  Cache-Control: no-cache
                                                                  2024-12-08 01:12:12 UTC | 424 | IN | HTTP/1.1 200 OK
                                                                  Date: Sun, 08 Dec 2024 01:12:12 GMT
                                                                  Content-Type: text/plain
                                                                  Content-Length: 12
                                                                  Connection: close
                                                                  Vary: Origin
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ee8e2c50f267d20-EWR
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1949&min_rtt=1949&rtt_var=731&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=738&delivery_rate=1495901&cwnd=207&unsent_bytes=0&cid=cbae281e8950ac39&ts=452&x=0"
                                                                  2024-12-08 01:12:12 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 32 32 38
                                                                  Data Ascii: 8.46.123.228



                                                                  Target ID:5
                                                                  Start time:20:12:05
                                                                  Start date:07/12/2024
                                                                  Path:C:\Users\user\Desktop\Xeno Executor.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Users\user\Desktop\Xeno Executor.exe"
                                                                  Imagebase:0x7ff6e3de0000
                                                                  File size:4'269'056 bytes
                                                                  MD5 hash:36517F5BFAE396A1D223E7491A3044CC
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  Target ID:7
                                                                  Start time:20:12:06
                                                                  Start date:07/12/2024
                                                                  Path:C:\Users\user\Desktop\Xeno Executor.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Users\user\Desktop\Xeno Executor.exe"
                                                                  Imagebase:0x7ff6e3de0000
                                                                  File size:4'269'056 bytes
                                                                  MD5 hash:36517F5BFAE396A1D223E7491A3044CC
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000007.00000002.2521297473.000001CF3AC59000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:low
                                                                  Has exited:false

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.1286713785.00007FF6E3DE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6E3DE0000, based on PE: true
                                                                    • Associated: 00000005.00000002.1286693582.00007FF6E3DE0000.00000002.00000001.01000000.00000004.sdmp
                                                                    • Associated: 00000005.00000002.1286759536.00007FF6E3E5B000.00000002.00000001.01000000.00000004.sdmp
                                                                    • Associated: 00000005.00000002.1286759536.00007FF6E3E74000.00000002.00000001.01000000.00000004.sdmp
                                                                    • Associated: 00000005.00000002.1286759536.00007FF6E41CF000.00000002.00000001.01000000.00000004.sdmp
                                                                    • Associated: 00000005.00000002.1286984488.00007FF6E41E7000.00000004.00000001.01000000.00000004.sdmp
                                                                    • Associated: 00000005.00000002.1287002403.00007FF6E41EB000.00000002.00000001.01000000.00000004.sdmp
                                                                    • Associated: 00000005.00000002.1287002403.00007FF6E41F3000.00000002.00000001.01000000.00000004.sdmp
                                                                    • Associated: 00000005.00000002.1287043431.00007FF6E41F8000.00000002.00000001.01000000.00000004.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_7ff6e3de0000_Xeno Executor.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                    • String ID: HZJj1;
                                                                    • API String ID: 2933794660-3872777969
                                                                    • Opcode ID: 66dffe7ee173be83caf6d25513cd58fc43f63803bf13eaf2a3b2507e135e52d1
                                                                    • Instruction ID: 410c2159adae6d3dbc0c3540fde5a32cd3fb764311c80c0fb3cf854c5e6989eb
                                                                    • Opcode Fuzzy Hash: 66dffe7ee173be83caf6d25513cd58fc43f63803bf13eaf2a3b2507e135e52d1
                                                                    • Instruction Fuzzy Hash: 7C11183BB14B068AEF008FB0E8953B833A4FB59758F441E31DA6D86BA4EF79D1548341

                                                                    Execution Graph

                                                                    Execution Coverage:6.9%
                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                    Signature Coverage:34%
                                                                    Total number of Nodes:2000
                                                                    Total number of Limit Nodes:64
65167 1400ae860 _Strcoll 3 API calls 65164->65167 65166 140047b69 _Receive_impl 65166->65165 65236 1400b0740 65166->65236 65168 140047d16 65167->65168 65168->65132 65169->65134 65171 1400491a6 65170->65171 65175 140049068 65170->65175 65191 14002b8e0 44 API calls 65171->65191 65173 1400491ab 65192 14002b820 44 API calls 2 library calls 65173->65192 65177 1400490c0 65175->65177 65178 1400490fc 65175->65178 65180 1400490cd 65175->65180 65181 1400490b3 _Yarn _Receive_impl 65175->65181 65177->65173 65177->65180 65179 1400ae888 std::_Facet_Register 44 API calls 65178->65179 65179->65181 65182 1400ae888 65180->65182 65181->65153 65185 1400ae893 65182->65185 65183 1400ae8ac 65183->65181 65185->65183 65186 1400ae8b2 65185->65186 65193 1400a9f1c 65185->65193 65187 1400ae8bd 65186->65187 65196 1400af8dc RaiseException Concurrency::cancel_current_task std::bad_alloc::bad_alloc 65186->65196 65197 14002b820 44 API calls 2 library calls 65187->65197 65190 1400ae8c3 65192->65181 65198 1400a9f5c 65193->65198 65197->65190 65203 14009c3bc EnterCriticalSection 65198->65203 65206 14002ec2b 65204->65206 65205 14002ed21 65207 140043d70 44 API calls 65205->65207 65206->65205 65242 140048560 65206->65242 65209 14002ed3a 65207->65209 65210 140043d70 44 API calls 65209->65210 65211 14002ed53 65210->65211 65212 14002ed60 65211->65212 65262 140048d10 44 API calls 4 library calls 65211->65262 65214 140043d70 44 API calls 65212->65214 65215 14002edaa 65214->65215 65216 140043d70 44 API calls 65215->65216 65217 14002edbf 65216->65217 65219 14002ee3c 65217->65219 65220 14002ee03 _Receive_impl 65217->65220 65218 1400ae860 _Strcoll 3 API calls 65221 14002ee28 65218->65221 65263 1400b07d0 65219->65263 65220->65218 65221->65161 65224 1400b07d0 __std_exception_destroy 9 API calls 65225 14002ee92 _Receive_impl 65224->65225 65225->65161 65227 140050464 65226->65227 65228 140050458 65226->65228 65230 140043d70 44 API calls 65227->65230 65229 140048560 44 API calls 65228->65229 65229->65227 65231 
140050481 65230->65231 65232 140043d70 44 API calls 65231->65232 65233 14005049a 65232->65233 65234 140043d70 44 API calls 65233->65234 65235 1400504b3 65234->65235 65235->65166 65237 1400b0761 65236->65237 65241 1400b07ab 65236->65241 65238 1400b0796 65237->65238 65237->65241 65271 140098cb0 42 API calls 2 library calls 65237->65271 65272 140097620 9 API calls 3 library calls 65238->65272 65241->65164 65243 14004869a 65242->65243 65248 140048589 65242->65248 65267 14002b8e0 44 API calls 65243->65267 65245 1400485ee 65247 1400ae888 std::_Facet_Register 44 API calls 65245->65247 65246 14004869f 65268 14002b820 44 API calls 2 library calls 65246->65268 65253 1400485d4 _Yarn 65247->65253 65248->65245 65250 1400485e1 65248->65250 65251 14004861d 65248->65251 65248->65253 65250->65245 65250->65246 65252 1400ae888 std::_Facet_Register 44 API calls 65251->65252 65252->65253 65254 14004870c 65253->65254 65256 140048765 65253->65256 65257 14004875a 65253->65257 65261 140048667 _Yarn _Receive_impl 65253->65261 65255 1400ae888 std::_Facet_Register 44 API calls 65254->65255 65255->65261 65259 1400ae888 std::_Facet_Register 44 API calls 65256->65259 65257->65254 65258 14004879f 65257->65258 65269 14002b820 44 API calls 2 library calls 65258->65269 65259->65261 65261->65205 65262->65212 65264 1400b07df 65263->65264 65265 14002ee85 65263->65265 65270 140097620 9 API calls 3 library calls 65264->65270 65265->65224 65268->65253 65269->65261 65270->65265 65271->65238 65272->65241 65274 14004900f 65273->65274 65278 140048eaf 65273->65278 65285 14002b8e0 44 API calls 65274->65285 65276 140048f19 65279 1400ae888 std::_Facet_Register 44 API calls 65276->65279 65277 140049014 65286 14002b820 44 API calls 2 library calls 65277->65286 65278->65276 65281 140048f48 65278->65281 65282 140048f0c 65278->65282 65284 140048eff _Yarn memcpy_s _Receive_impl 65278->65284 65279->65284 65283 1400ae888 std::_Facet_Register 44 API calls 65281->65283 65282->65276 65282->65277 65283->65284 65284->65148 
65286->65284 65287 1400ae9d0 65288 1400ae9d8 65287->65288 65289 1400ae9e4 __scrt_dllmain_crt_thread_attach 65288->65289 65290 1400ae9ed 65289->65290 65291 1400ae9f1 65289->65291 65291->65290 65293 1400b0e6c DeleteCriticalSection __vcrt_uninitialize_ptd __vcrt_uninitialize_locks 65291->65293 65293->65290 65294 14009bd30 65305 14009c3bc EnterCriticalSection 65294->65305 65306 14007fc10 65307 14007fc40 65306->65307 65312 1400bb5b0 65307->65312 65310 1400ae860 _Strcoll 3 API calls 65311 14007fc96 65310->65311 65315 1400bb5f2 65312->65315 65313 1400bb5fb __std_fs_convert_wide_to_narrow 65314 1400ae860 _Strcoll 3 API calls 65313->65314 65317 14007fc59 65314->65317 65315->65313 65316 1400bb70d 65315->65316 65318 1400bb653 GetFileAttributesExW 65315->65318 65344 1400bb984 CreateFileW __std_fs_convert_wide_to_narrow 65316->65344 65317->65310 65321 1400bb6b8 65318->65321 65322 1400bb667 __std_fs_convert_wide_to_narrow 65318->65322 65320 1400bb730 65323 1400bb803 65320->65323 65324 1400bb765 GetFileInformationByHandleEx 65320->65324 65335 1400bb736 _invalid_parameter_noinfo 65320->65335 65321->65313 65321->65316 65322->65313 65325 1400bb676 FindFirstFileW 65322->65325 65327 1400bb81e GetFileInformationByHandleEx 65323->65327 65323->65335 65326 1400bb7a5 65324->65326 65332 1400bb77f _invalid_parameter_noinfo __std_fs_convert_wide_to_narrow 65324->65332 65325->65313 65328 1400bb695 FindClose 65325->65328 65326->65323 65330 1400bb7c6 GetFileInformationByHandleEx 65326->65330 65334 1400bb834 _invalid_parameter_noinfo __std_fs_convert_wide_to_narrow 65327->65334 65327->65335 65328->65321 65329 1400bb8c5 65345 1400998b4 42 API calls __std_fs_directory_iterator_open 65329->65345 65330->65323 65336 1400bb7e2 _invalid_parameter_noinfo __std_fs_convert_wide_to_narrow 65330->65336 65338 1400bb8d6 65332->65338 65339 1400bb74f 65332->65339 65333 1400bb8ca 65346 1400998b4 42 API calls __std_fs_directory_iterator_open 65333->65346 65334->65339 65340 1400bb8d0 65334->65340 65335->65313 
65335->65329 65335->65339 65336->65333 65336->65339 65348 1400998b4 42 API calls __std_fs_directory_iterator_open 65338->65348 65339->65313 65347 1400998b4 42 API calls __std_fs_directory_iterator_open 65340->65347 65344->65320 65349 140040af0 65350 140040b08 65349->65350 65354 140040b14 _Yarn 65349->65354 65351 140040b25 _Yarn 65352 140040c5e 65352->65351 65355 140097a44 _fread_nolock 44 API calls 65352->65355 65354->65351 65354->65352 65356 140097a44 65354->65356 65355->65351 65359 140097a64 65356->65359 65360 140097a8e 65359->65360 65361 140097a5c 65359->65361 65360->65361 65362 140097ada 65360->65362 65363 140097a9d memcpy_s 65360->65363 65361->65354 65372 140094934 EnterCriticalSection 65362->65372 65373 140094e68 8 API calls memcpy_s 65363->65373 65367 140097ab2 65374 140098234 42 API calls _invalid_parameter_noinfo 65367->65374 65373->65367 65374->65361 65375 14007c7cc 65376 14007c7d1 65375->65376 65416 14003e610 CreateToolhelp32Snapshot 65376->65416 65392 14007c7fa 65610 14007d260 65392->65610 65417 14003e677 memcpy_s 65416->65417 65780 14003ff20 65417->65780 65420 14003e8a1 65822 14003fe50 65420->65822 65421 14003e68e Process32FirstW 65421->65420 65443 14003e6aa _Receive_impl 65421->65443 65427 14004f9b0 44 API calls 65427->65443 65429 14003eab6 _invalid_parameter_noinfo _Receive_impl 65431 1400ae860 _Strcoll 3 API calls 65429->65431 65437 14003eba3 65429->65437 65430 1400468e0 44 API calls 65430->65443 65432 14003eb82 65431->65432 65444 14003ecb0 65432->65444 65433 14003e908 65838 140041900 65433->65838 65435 14003e9db 65438 140041900 44 API calls 65435->65438 65439 14003ea91 65438->65439 65854 140043ff0 65439->65854 65442 14003e873 Process32NextW 65442->65420 65442->65443 65443->65427 65443->65430 65443->65437 65443->65442 65785 1400778f0 65443->65785 65794 140044d30 65443->65794 65798 14004af10 65443->65798 65445 14003ed04 memcpy_s 65444->65445 65446 14003ff20 62 API calls 65445->65446 65447 14003ed10 65446->65447 66012 1400870e0 65447->66012 65449 
14003f3f5 65450 1400870e0 47 API calls 65449->65450 65451 14003f416 _Receive_impl 65450->65451 65452 14003f5a5 65451->65452 65461 140044d30 61 API calls 65451->65461 65464 14004f9b0 44 API calls 65451->65464 65466 1400468e0 44 API calls 65451->65466 65468 14004af10 44 API calls 65451->65468 65473 14003f9a1 65451->65473 65455 14003fe50 44 API calls 65452->65455 65453 14004f9b0 44 API calls 65454 14003f26d _Receive_impl 65453->65454 65454->65449 65454->65453 65458 140044d30 61 API calls 65454->65458 65462 14004af10 44 API calls 65454->65462 65463 1400468e0 44 API calls 65454->65463 65454->65473 65456 14003f5be 65455->65456 65457 140045310 44 API calls 65456->65457 65469 14003f77b _Receive_impl 65456->65469 65459 14003f5ee 65457->65459 65458->65454 65460 1400455e0 44 API calls 65459->65460 65465 14003f605 65460->65465 65461->65451 65462->65454 65463->65454 65464->65451 65467 140041900 44 API calls 65465->65467 65466->65451 65472 14003f6be 65467->65472 65468->65451 65470 1400ae860 _Strcoll 3 API calls 65469->65470 65469->65473 65471 14003f980 65470->65471 65477 14003f9e0 65471->65477 65474 140041900 44 API calls 65472->65474 65475 14003f756 65474->65475 65476 140043ff0 44 API calls 65475->65476 65476->65469 66025 14008a260 65477->66025 65479 14003fa36 memcpy_s 65480 14003ff20 62 API calls 65479->65480 65493 14003fa51 _Yarn _Receive_impl 65480->65493 65481 14003fb5a 65482 14003fe50 44 API calls 65481->65482 65483 14003fb67 65482->65483 65485 140045310 44 API calls 65483->65485 65501 14003fd56 _Receive_impl 65483->65501 65486 14003fb97 65485->65486 65488 1400455e0 44 API calls 65486->65488 65491 14003fbae 65488->65491 65489 140044d30 61 API calls 65489->65493 65490 1400ae860 _Strcoll 3 API calls 65492 14003fe12 65490->65492 65495 140041900 44 API calls 65491->65495 65502 14003ca10 CredEnumerateA 65492->65502 65493->65481 65493->65489 65494 14004af10 44 API calls 65493->65494 65496 14003fe33 65493->65496 66033 140077a00 IsProcessorFeaturePresent RtlCaptureContext 
RtlLookupFunctionEntry _Strcoll __std_fs_convert_wide_to_narrow 65493->66033 66034 14004f9b0 65493->66034 65494->65493 65497 14003fc7b 65495->65497 65498 140041900 44 API calls 65497->65498 65499 14003fd31 65498->65499 65500 140043ff0 44 API calls 65499->65500 65500->65501 65501->65490 65501->65496 65503 14003d49c 65502->65503 65520 14003ca80 _Receive_impl 65502->65520 65505 1400ae860 _Strcoll 3 API calls 65503->65505 65504 14003d48f CredFree 65504->65503 65506 14003d4ab 65505->65506 65528 14006cab0 65506->65528 65507 1400ae888 44 API calls std::_Facet_Register 65507->65520 65508 1400400f0 44 API calls 65508->65520 65509 140045310 44 API calls 65509->65520 65510 1400455e0 44 API calls 65510->65520 65511 140041900 44 API calls 65511->65520 65512 140046bc0 44 API calls 65512->65520 65513 140043ff0 44 API calls 65513->65520 65515 140046dd1 65516 14003d4cc 66069 1400479f0 65516->66069 65517 1400437f0 44 API calls 65517->65520 65518 140049380 44 API calls 65526 14003d51f _Receive_impl 65518->65526 65520->65504 65520->65507 65520->65508 65520->65509 65520->65510 65520->65511 65520->65512 65520->65513 65520->65516 65520->65517 65520->65526 66067 1400651b0 44 API calls std::_Facet_Register 65520->66067 66068 140050610 44 API calls 2 library calls 65520->66068 65523 140059810 44 API calls 65523->65526 65524 140047ac0 44 API calls 65525 14003d50c 65524->65525 65527 1400b0e88 Concurrency::cancel_current_task RaiseException 65525->65527 65526->65515 65526->65518 65526->65523 65527->65526 65529 14006cdc2 65528->65529 65537 14006cb05 _Receive_impl 65528->65537 65530 1400ae860 _Strcoll 3 API calls 65529->65530 65531 14006cdce 65530->65531 65540 14006f7a0 65531->65540 65532 14006ce03 66078 14002e240 44 API calls Concurrency::cancel_current_task 65532->66078 65534 14002d810 44 API calls 65534->65537 65535 14002eaf0 49 API calls 65535->65537 65536 14006ce18 65537->65529 65537->65532 65537->65534 65537->65535 65537->65536 65538 14006cdef 65537->65538 66077 14002e240 44 API calls 
Concurrency::cancel_current_task 65538->66077 65541 14006fab2 65540->65541 65547 14006f7f5 _Receive_impl 65540->65547 65542 1400ae860 _Strcoll 3 API calls 65541->65542 65543 14006fabe 65542->65543 65552 140031b90 65543->65552 65544 14002d810 44 API calls 65544->65547 65545 14002eaf0 49 API calls 65545->65547 65547->65541 65547->65544 65547->65545 65548 14006fb08 65547->65548 65549 14006fadf 65547->65549 65551 14006faf3 65547->65551 66079 14002e240 44 API calls Concurrency::cancel_current_task 65549->66079 66080 14002e240 44 API calls Concurrency::cancel_current_task 65551->66080 66081 14002f730 65552->66081 65555 140031bc8 65559 140031c7f _Receive_impl 65555->65559 65564 140031fd2 65555->65564 66096 140030e80 103 API calls 2 library calls 65555->66096 65558 140031fdd 65561 14002cf70 RaiseException 65558->65561 65559->65564 66086 14002fe20 65559->66086 65563 140031fe3 65561->65563 65562 140031cd5 65562->65558 65568 140031def _Receive_impl 65562->65568 66097 140030e80 103 API calls 2 library calls 65562->66097 65566 14002cf70 RaiseException 65563->65566 66099 14002cf70 65564->66099 65567 140031fe9 65566->65567 65568->65564 66091 140030450 65568->66091 65569 1400ae860 _Strcoll 3 API calls 65570 140031fb5 65569->65570 65575 14003add0 65570->65575 65571 140031e45 65571->65563 65574 140031f84 _Receive_impl 65571->65574 66098 140030e80 103 API calls 2 library calls 65571->66098 65573 140031f51 65573->65564 65573->65574 65574->65569 65576 14003be6e 65575->65576 65580 14003ae2c _Receive_impl 65575->65580 65577 1400ae860 _Strcoll 3 API calls 65576->65577 65578 14003be7d 65577->65578 65578->65392 65579 14002d810 44 API calls 65579->65580 65580->65576 65580->65579 65581 14003bec3 65580->65581 65584 14003bea3 65580->65584 65586 14003bede 65580->65586 65590 14002eaf0 49 API calls 65580->65590 65592 14003bf1a 65580->65592 65593 14003bf30 65580->65593 65594 14003bf02 65580->65594 65596 140045310 44 API calls 65580->65596 65598 1400437f0 44 API calls 65580->65598 65599 1400455e0 44 
API calls 65580->65599 65601 1400429b0 44 API calls 65580->65601 65606 140041900 44 API calls 65580->65606 65607 140043ff0 44 API calls 65580->65607 66103 140080730 65580->66103 66167 140046700 44 API calls _Yarn 65580->66167 66168 140077ba0 CryptUnprotectData 65580->66168 66176 140045140 65580->66176 66187 14007f8f0 65580->66187 66194 140043a40 44 API calls 3 library calls 65580->66194 66195 14002d4e0 65580->66195 66199 14002d370 65580->66199 66212 14005d590 65580->66212 66221 1400417a0 44 API calls 2 library calls 65580->66221 66222 14002e7b0 65580->66222 66234 14002e240 44 API calls Concurrency::cancel_current_task 65581->66234 66233 14002e240 44 API calls Concurrency::cancel_current_task 65584->66233 66235 1400445e0 44 API calls 65586->66235 65590->65580 66236 14002e1d0 65592->66236 65597 14002cf70 RaiseException 65594->65597 65596->65580 65597->65592 65598->65580 65599->65580 65601->65580 65606->65580 65607->65580 65611 14007d2a7 memcpy_s 65610->65611 65612 14003ff20 62 API calls 65611->65612 65613 14007d2b0 65612->65613 65615 14007d2d5 65613->65615 67222 14007d510 65613->67222 65616 14003fe50 44 API calls 65615->65616 65617 14007d2e2 65616->65617 65618 140045310 44 API calls 65617->65618 65619 14007d429 _Receive_impl 65617->65619 65620 14007d314 65618->65620 65622 1400ae860 _Strcoll 3 API calls 65619->65622 65625 14007d4f8 65619->65625 65621 1400455e0 44 API calls 65620->65621 65624 14007d32c 65621->65624 65623 14007c80c 65622->65623 65629 14003bf40 65623->65629 65626 140041900 44 API calls 65624->65626 65627 14007d404 65626->65627 65628 140043ff0 44 API calls 65627->65628 65628->65619 65630 14003c090 65629->65630 65631 14002d810 44 API calls 65630->65631 65632 14003c0e6 _Receive_impl 65631->65632 65633 14002eaf0 49 API calls 65632->65633 65636 14003c9c3 65632->65636 65641 14003c149 65633->65641 65635 14003c948 _Receive_impl 65638 1400ae860 _Strcoll 3 API calls 65635->65638 65637 14002e1d0 44 API calls 65636->65637 65647 14003c9df 65637->65647 65640 14003c974 
65638->65640 65639 14003c9a3 67239 14002e240 44 API calls Concurrency::cancel_current_task 65639->67239 65660 1400377d0 65640->65660 65642 140045140 55 API calls 65641->65642 65643 14003c7f7 _Receive_impl 65641->65643 65659 14003c25d _Strcoll _Receive_impl 65642->65659 65643->65635 65643->65639 65643->65647 65645 14002e7b0 46 API calls 65645->65659 65646 14002d370 44 API calls 65646->65659 65648 14002cf70 RaiseException 65647->65648 65649 14003ca09 65648->65649 65650 14007f8f0 99 API calls 65650->65659 65652 14002d4e0 44 API calls 65652->65659 65653 140045310 44 API calls 65653->65659 65654 1400455e0 44 API calls 65654->65659 65655 140041900 44 API calls 65655->65659 65656 140043ff0 44 API calls 65656->65659 65657 14005d590 44 API calls 65657->65659 65659->65636 65659->65643 65659->65645 65659->65646 65659->65647 65659->65650 65659->65652 65659->65653 65659->65654 65659->65655 65659->65656 65659->65657 67236 14002d5e0 44 API calls 65659->67236 67237 140043a40 44 API calls 3 library calls 65659->67237 67238 1400417a0 44 API calls 2 library calls 65659->67238 65662 140037825 65660->65662 65661 1400ae860 _Strcoll 3 API calls 65663 140037a5b 65661->65663 65662->65661 65664 140034b70 65663->65664 65694 140034c70 _Receive_impl 65664->65694 65665 14003628f 67256 1400320b0 65665->67256 65668 140036bd0 44 API calls 65668->65694 65674 140043d70 44 API calls 65674->65694 65677 14003629e _Receive_impl 65683 140036384 65677->65683 65680 140036465 67422 14002e240 44 API calls Concurrency::cancel_current_task 65680->67422 67420 14002e240 44 API calls Concurrency::cancel_current_task 65683->67420 65685 14003500e RegOpenKeyExA 65687 1400350a9 RegQueryValueExA 65685->65687 65685->65694 65686 140045140 55 API calls 65686->65694 65687->65694 65688 14002e1d0 44 API calls 65690 14003640f 65688->65690 65689 140035186 RegCloseKey 65689->65694 65692 14002e1d0 44 API calls 65690->65692 65691 14002e1d0 44 API calls 65700 14003644d 65691->65700 65695 14003641f 65692->65695 65693 1400363a4 
65707 14002cf70 RaiseException 65693->65707 65694->65665 65694->65668 65694->65674 65694->65680 65694->65683 65694->65685 65694->65686 65694->65689 65694->65690 65694->65693 65694->65695 65696 140036940 44 API calls 65694->65696 65697 1400363ef 65694->65697 65699 14002d140 44 API calls 65694->65699 65694->65700 65701 14002e7b0 46 API calls 65694->65701 65702 14007f8f0 99 API calls 65694->65702 65704 14002eaf0 49 API calls 65694->65704 65706 140036437 65694->65706 65708 140043a40 44 API calls 65694->65708 65709 1400363d4 65694->65709 65710 14002d4e0 44 API calls 65694->65710 65711 14002d370 44 API calls 65694->65711 65712 140045310 44 API calls 65694->65712 65713 1400455e0 44 API calls 65694->65713 65714 14005d590 44 API calls 65694->65714 65715 140041900 44 API calls 65694->65715 65716 1400417a0 44 API calls 65694->65716 65717 1400429b0 44 API calls 65694->65717 65718 140043ff0 44 API calls 65694->65718 67240 140045890 65694->67240 67252 140044f60 65694->67252 67419 1400459f0 44 API calls _Receive_impl 65694->67419 65705 14002cf70 RaiseException 65695->65705 65696->65694 65697->65688 65699->65694 65703 14002cf70 RaiseException 65700->65703 65701->65694 65702->65694 65703->65680 65704->65694 65705->65706 65706->65691 65707->65709 65708->65694 67421 14002e240 44 API calls Concurrency::cancel_current_task 65709->67421 65710->65694 65711->65694 65712->65694 65713->65694 65714->65694 65715->65694 65716->65694 65717->65694 65718->65694 65884 140044ab0 65780->65884 65786 14007793e 65785->65786 65792 14007791f _Receive_impl 65785->65792 65944 140036940 65786->65944 65787 1400ae860 _Strcoll 3 API calls 65788 1400779de 65787->65788 65788->65443 65790 140077967 65956 140077a00 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _Strcoll __std_fs_convert_wide_to_narrow 65790->65956 65792->65787 65793 1400779ec 65792->65793 65795 140044d54 65794->65795 65796 140044e10 61 API calls 65795->65796 65797 140044d66 65796->65797 65797->65443 65799 14004afd0 65798->65799 
65800 14004af4e 65798->65800 65801 1400ae860 _Strcoll 3 API calls 65799->65801 65959 140049f00 44 API calls 65800->65959 65803 14004affd 65801->65803 65803->65443 65804 14004af5b 65805 14004afbd 65804->65805 65807 14004b012 65804->65807 65805->65799 65960 14004c530 44 API calls 2 library calls 65805->65960 65961 14002cdc0 44 API calls 65807->65961 65809 14004b054 65810 1400b0e88 Concurrency::cancel_current_task RaiseException 65809->65810 65811 14004b065 65810->65811 65812 14004af10 44 API calls 65811->65812 65813 14004b0bb 65811->65813 65812->65813 65814 14004b1c8 65813->65814 65815 14004b18a 65813->65815 65963 14002cdc0 44 API calls 65814->65963 65816 14004b19b 65815->65816 65962 14004c530 44 API calls 2 library calls 65815->65962 65816->65443 65819 14004b20a 65820 1400b0e88 Concurrency::cancel_current_task RaiseException 65819->65820 65821 14004b21b 65820->65821 65823 14003fe98 65822->65823 65824 14003e8b4 65823->65824 65964 140044600 44 API calls 4 library calls 65823->65964 65824->65429 65826 140045310 65824->65826 65827 1400427e0 44 API calls 65826->65827 65828 14004537a 65827->65828 65829 1400427e0 44 API calls 65828->65829 65830 14003e8f3 65829->65830 65831 1400455e0 65830->65831 65832 140043ff0 44 API calls 65831->65832 65833 140045624 65832->65833 65834 1400ae888 std::_Facet_Register 44 API calls 65833->65834 65835 140045639 65834->65835 65836 1400ae860 _Strcoll 3 API calls 65835->65836 65837 14004568d 65836->65837 65837->65433 65839 140041937 65838->65839 65840 14004193f 65838->65840 65975 140047e80 44 API calls 2 library calls 65839->65975 65849 1400419d4 65840->65849 65965 140047d40 65840->65965 65843 14004195d 65845 140041990 _Receive_impl 65843->65845 65843->65849 65847 1400ae860 _Strcoll 3 API calls 65845->65847 65846 1400419f6 65848 140047ac0 44 API calls 65846->65848 65850 1400419bf 65847->65850 65851 140041a09 65848->65851 65976 140047f10 44 API calls 65849->65976 65850->65435 65852 1400b0e88 Concurrency::cancel_current_task RaiseException 
65851->65852 65853 140041a1a 65852->65853 65855 14004402d 65854->65855 65857 140044066 65855->65857 65858 140044107 65855->65858 65874 140044350 65855->65874 65878 1400443c2 _Receive_impl 65855->65878 65856 1400ae860 _Strcoll 3 API calls 65859 14004445f 65856->65859 65869 1400440a6 65857->65869 65877 14004447d 65857->65877 65994 1400492c0 44 API calls 2 library calls 65857->65994 65868 140044134 65858->65868 65858->65877 65996 1400492c0 44 API calls 2 library calls 65858->65996 65859->65429 65860 140044373 65865 14004442b 65860->65865 65876 14004437c 65860->65876 65861 14004443a 65989 1400400f0 65861->65989 65864 140044347 66006 140044ca0 44 API calls _Receive_impl 65864->66006 66007 140044ca0 44 API calls _Receive_impl 65865->66007 65881 140044102 _Receive_impl 65868->65881 65997 140050610 44 API calls 2 library calls 65868->65997 65869->65881 65995 140050610 44 API calls 2 library calls 65869->65995 65874->65860 65874->65861 65874->65878 65876->65877 65876->65878 66008 140040640 44 API calls 65877->66008 65878->65856 65879 140041a20 44 API calls 65879->65881 65881->65864 65881->65879 65882 140050610 44 API calls 65881->65882 65998 140049380 65881->65998 66003 140059810 65881->66003 65882->65881 65885 1400ae888 std::_Facet_Register 44 API calls 65884->65885 65886 140044b11 65885->65886 65902 1400bc5ec 65886->65902 65888 140044b21 65911 140044e10 65888->65911 65891 140044bae 65892 14003ffdf 65891->65892 65926 1400bc8b8 EnterCriticalSection GetProcAddress std::_Lockit::_Lockit 65891->65926 65899 140043d00 65892->65899 65894 140044bd6 65927 14002cdc0 44 API calls 65894->65927 65896 140044c16 65897 1400b0e88 Concurrency::cancel_current_task RaiseException 65896->65897 65898 140044c27 65897->65898 65939 140044500 65899->65939 65928 1400bbf8c 65902->65928 65904 1400bc60e 65910 1400bc652 _Yarn 65904->65910 65932 1400bc7e4 44 API calls std::_Facet_Register 65904->65932 65906 1400bc626 65933 1400bc814 43 API calls std::locale::_Setgloballocale 65906->65933 65908 1400bc631 
65908->65910 65934 140097620 9 API calls 3 library calls 65908->65934 65910->65888 65910->65910 65912 1400bbf8c std::_Lockit::_Lockit 2 API calls 65911->65912 65913 140044e40 65912->65913 65914 1400bbf8c std::_Lockit::_Lockit 2 API calls 65913->65914 65915 140044e65 65913->65915 65914->65915 65925 140044edd 65915->65925 65936 14002ca60 61 API calls 5 library calls 65915->65936 65916 1400ae860 _Strcoll 3 API calls 65917 140044b52 65916->65917 65917->65891 65917->65894 65919 140044eef 65920 140044ef5 65919->65920 65921 140044f56 65919->65921 65937 1400bc5ac 44 API calls std::_Facet_Register 65920->65937 65938 14002c5a0 44 API calls 2 library calls 65921->65938 65924 140044f5b 65925->65916 65926->65892 65927->65896 65929 1400bbf9b 65928->65929 65930 1400bbfa0 65928->65930 65935 14009c42c EnterCriticalSection GetProcAddress std::_Locinfo::_Locinfo_ctor 65929->65935 65930->65904 65932->65906 65933->65908 65934->65910 65936->65919 65937->65925 65938->65924 65940 1400ae888 std::_Facet_Register 44 API calls 65939->65940 65941 140044577 65940->65941 65942 1400bc5ec 47 API calls 65941->65942 65943 14003e683 65942->65943 65943->65420 65943->65421 65947 140036966 65944->65947 65952 140036a64 65944->65952 65946 140036971 _Yarn 65946->65790 65947->65946 65948 140036a5f 65947->65948 65950 140036a22 65947->65950 65951 1400369ca 65947->65951 65957 14002b820 44 API calls 2 library calls 65948->65957 65954 1400ae888 std::_Facet_Register 44 API calls 65950->65954 65951->65948 65953 1400369d7 65951->65953 65958 14002b8e0 44 API calls 65952->65958 65955 1400ae888 std::_Facet_Register 44 API calls 65953->65955 65954->65946 65955->65946 65956->65792 65957->65952 65959->65804 65960->65799 65961->65809 65962->65816 65963->65819 65964->65824 65966 140047d66 65965->65966 65967 140047e73 65966->65967 65968 140047dac 65966->65968 65974 140047e1f 65966->65974 65987 14002b9e0 44 API calls 65967->65987 65969 1400ae888 std::_Facet_Register 44 API calls 65968->65969 65972 140047dca 65969->65972 
std::_Facet_Register 44 API calls 68080->68083 68081->68078 68082 14004cb3b 68081->68082 68084 1400ae888 std::_Facet_Register 44 API calls 68082->68084 68083->68085 68084->68085 68085->67945 68086->67947 68087->68085 68088->67967 68090 1400709e5 68089->68090 68093 140070950 _Yarn 68089->68093 68094 1400745c0 45 API calls 4 library calls 68090->68094 68092 1400709fa 68092->67970 68093->67970 68094->68092 68096 140086160 GetUserNameW 68095->68096 68096->67980 68096->67982 68098 1400853e0 68097->68098 68098->68098 68099 1400853f7 InternetOpenA 68098->68099 68100 1400854b5 InternetOpenUrlA 68099->68100 68113 140085422 68099->68113 68102 140085529 HttpQueryInfoW 68100->68102 68100->68113 68104 14008558f HttpQueryInfoW 68102->68104 68105 140085556 68102->68105 68103 1400ae860 _Strcoll 3 API calls 68108 14008549a 68103->68108 68106 1400855ec 68104->68106 68107 140085618 InternetQueryDataAvailable 68104->68107 68105->68104 68127 140094550 42 API calls 2 library calls 68106->68127 68111 140085813 InternetCloseHandle 68107->68111 68125 140085634 68107->68125 68108->67996 68110 1400858af 68128 14002b820 44 API calls 2 library calls 68110->68128 68111->68113 68112 1400855fd 68112->68107 68116 140048560 44 API calls 68112->68116 68113->68110 68120 140085476 _Receive_impl 68113->68120 68115 1400856d9 InternetReadFile 68121 1400857cd _Receive_impl 68115->68121 68123 14008568e _Yarn memcpy_s _Receive_impl 68115->68123 68118 14008560e 68116->68118 68117 1400858c0 68118->68107 68119 1400ae888 std::_Facet_Register 44 API calls 68119->68123 68120->68103 68121->68110 68121->68111 68122 1400ae888 std::_Facet_Register 44 API calls 68122->68125 68123->68110 68123->68115 68123->68119 68123->68121 68124 140049030 44 API calls 68123->68124 68123->68125 68126 1400857a6 InternetQueryDataAvailable 68123->68126 68124->68123 68125->68110 68125->68111 68125->68115 68125->68122 68125->68123 68126->68111 68126->68123 68127->68112 68128->68117 68130 14007e990 68129->68130 68136 14007e9ef 68129->68136 
68190 1400aef50 AcquireSRWLockExclusive SleepConditionVariableSRW ReleaseSRWLockExclusive 68130->68190 68136->68002 68138 14007eb44 68137->68138 68139 1400ae860 _Strcoll 3 API calls 68138->68139 68140 14007ebdb 68139->68140 68141 14007ebf0 68140->68141 68142 14007e970 13 API calls 68141->68142 68256->67891 68257->67893 68258->67895 68259->67901 68260 14006d080 68261 14002eaf0 49 API calls 68260->68261 68262 14006d0df 68261->68262 68263 14002eaf0 49 API calls 68262->68263 68264 14006d954 68263->68264 68265 14002d4e0 44 API calls 68264->68265 68275 14006dd76 _Receive_impl 68264->68275 68267 14006d98a 68265->68267 68266 1400ae860 _Strcoll 3 API calls 68268 14006dda1 68266->68268 68269 14002d370 44 API calls 68267->68269 68270 14006d998 68269->68270 68323 14006fdd0 68270->68323 68273 14007f8f0 99 API calls 68274 14006da5d 68273->68274 68274->68275 68276 14006ddbd 68274->68276 68275->68266 68277 1400479f0 44 API calls 68276->68277 68278 14006dde5 68277->68278 68279 140047ac0 44 API calls 68278->68279 68280 14006ddfa 68279->68280 68281 1400b0e88 Concurrency::cancel_current_task RaiseException 68280->68281 68282 14006de0d 68281->68282 68283 14002e1d0 44 API calls 68282->68283 68284 14006de1d 68283->68284 68285 14002e1d0 44 API calls 68284->68285 68286 14006de2f 68285->68286 68287 14002e1d0 44 API calls 68286->68287 68288 14006de3f 68287->68288 68289 14002e1d0 44 API calls 68288->68289 68290 14006de67 68289->68290 68291 14002cf70 RaiseException 68290->68291 68292 14006de79 68291->68292 68293 14002e1d0 44 API calls 68292->68293 68294 14006de8f 68293->68294 68295 14002cf70 RaiseException 68294->68295 68296 14006dea1 68295->68296 68297 14002d4e0 44 API calls 68296->68297 68298 14006def7 68297->68298 68299 14002d370 44 API calls 68298->68299 68300 14006df08 68299->68300 68301 14002d810 44 API calls 68300->68301 68302 14006e406 68301->68302 68303 14002d810 44 API calls 68302->68303 68304 14006e64d 68303->68304 68305 14007f020 99 API calls 68304->68305 68306 14006e65e 
68305->68306 68327 140042c80 63 API calls 5 library calls 68306->68327 68308 14006e97e 68328 140047600 44 API calls 3 library calls 68308->68328 68310 14006e9be 68319 14006f363 68310->68319 68329 14002ea50 51 API calls _Strcoll 68310->68329 68312 14006e9da 68313 14006f477 68312->68313 68312->68319 68314 14002cf70 RaiseException 68313->68314 68315 14006f47c 68314->68315 68330 14002e240 44 API calls Concurrency::cancel_current_task 68315->68330 68320 1400ae860 _Strcoll 3 API calls 68319->68320 68322 14006f448 68320->68322 68324 14006fdf6 68323->68324 68325 140070920 45 API calls 68324->68325 68326 14006d9ab 68325->68326 68326->68273 68327->68308 68328->68310 68329->68312 68331 14004c8de 68336 14004d4b0 68331->68336 68334 1400ae860 _Strcoll 3 API calls 68335 14004c91b 68334->68335 68338 14004d4d6 68336->68338 68337 14004d502 68340 14004e200 44 API calls 68337->68340 68338->68337 68342 140059fb0 44 API calls 4 library calls 68338->68342 68341 14004c8e6 68340->68341 68341->68334 68342->68337 68343 14006a41b 68344 14006a433 _Receive_impl 68343->68344 68345 14006a515 _Receive_impl 68344->68345 68348 14006a8d0 68344->68348 68346 1400ae860 _Strcoll 3 API calls 68345->68346 68347 14006a543 68346->68347 68405 140080040 68348->68405 68350 14006a93f memcpy_s 68351 14006a97e GetModuleFileNameW 68350->68351 68352 14006a9c0 68351->68352 68352->68352 68353 140036940 44 API calls 68352->68353 68354 14006a9dd 68353->68354 68355 140036940 44 API calls 68354->68355 68356 14006abfe 68355->68356 68357 140036bd0 44 API calls 68356->68357 68358 14006ac0c 68357->68358 68469 140045fd0 44 API calls 68358->68469 68360 14006ac26 68361 140036940 44 API calls 68360->68361 68362 14006ae9d 68361->68362 68363 140036bd0 44 API calls 68362->68363 68364 14006aeab 68363->68364 68470 140045fd0 44 API calls 68364->68470 68366 14006aec6 68367 140036940 44 API calls 68366->68367 68368 14006b13e 68367->68368 68471 14002d4a0 44 API calls 68368->68471 68370 14006b15a 68472 140045fd0 44 API calls 68370->68472 
68372 14006b16f 68373 140036940 44 API calls 68372->68373 68374 14006b61d 68373->68374 68375 140036bd0 44 API calls 68374->68375 68376 14006b62e 68375->68376 68473 140045fd0 44 API calls 68376->68473 68378 14006b64c 68379 140036940 44 API calls 68378->68379 68380 14006b8dd 68379->68380 68381 140036bd0 44 API calls 68380->68381 68382 14006b8ee 68381->68382 68474 140045fd0 44 API calls 68382->68474 68384 14006b90c 68385 140036940 44 API calls 68384->68385 68386 14006bb90 68385->68386 68387 140036bd0 44 API calls 68386->68387 68388 14006bba1 68387->68388 68475 140045fd0 44 API calls 68388->68475 68390 14006bbbf 68391 140036940 44 API calls 68390->68391 68392 14006bdaa 68391->68392 68393 140036bd0 44 API calls 68392->68393 68394 14006bdbb 68393->68394 68476 140045fd0 44 API calls 68394->68476 68396 14006bdd9 68397 140036940 44 API calls 68396->68397 68398 14006c0ef 68397->68398 68399 140036bd0 44 API calls 68398->68399 68400 14006c100 68399->68400 68477 140045fd0 44 API calls 68400->68477 68402 14006c11e 68403 14002cf70 RaiseException 68402->68403 68404 14006c2dc 68403->68404 68406 1400800d3 68405->68406 68407 14002d810 44 API calls 68406->68407 68408 1400800f8 _Receive_impl 68407->68408 68409 14002eaf0 49 API calls 68408->68409 68411 140080647 68408->68411 68412 140080164 memcpy_s 68409->68412 68410 1400801a6 68410->68411 68445 140080207 _Receive_impl 68410->68445 68482 14002e240 44 API calls Concurrency::cancel_current_task 68411->68482 68412->68410 68414 14004a910 73 API calls 68412->68414 68417 140080289 68414->68417 68415 14008066f 68483 14002cdc0 44 API calls 68415->68483 68416 1400ae860 _Strcoll 3 API calls 68418 140080239 68416->68418 68419 140080539 68417->68419 68420 1400802cd 68417->68420 68418->68350 68481 1400412f0 43 API calls 68419->68481 68421 1400456a0 44 API calls 68420->68421 68424 140080302 68421->68424 68428 14008031f 68424->68428 68429 1400803a2 68424->68429 68425 140080696 68426 1400b0e88 Concurrency::cancel_current_task RaiseException 
68425->68426 68427 1400806a7 68426->68427 68484 14002cdc0 44 API calls 68427->68484 68428->68415 68431 140080351 68428->68431 68430 14008c0b0 44 API calls 68429->68430 68433 1400803b6 68430->68433 68434 1400413a0 45 API calls 68431->68434 68439 1400803cd 68433->68439 68440 140080450 68433->68440 68436 14008035e 68434->68436 68435 1400806d0 68437 1400b0e88 Concurrency::cancel_current_task RaiseException 68435->68437 68438 140043ff0 44 API calls 68436->68438 68448 1400806e4 68437->68448 68441 14008037e 68438->68441 68439->68427 68444 1400803ff 68439->68444 68443 14008c0b0 44 API calls 68440->68443 68478 140034ac0 43 API calls 68441->68478 68446 140080464 68443->68446 68447 1400413a0 45 API calls 68444->68447 68445->68416 68449 14008c0b0 44 API calls 68446->68449 68450 14008040c 68447->68450 68485 14002cdc0 44 API calls 68448->68485 68452 140080473 68449->68452 68453 140043ff0 44 API calls 68450->68453 68455 1400457c0 44 API calls 68452->68455 68456 14008042c 68453->68456 68454 14008070e 68457 1400b0e88 Concurrency::cancel_current_task RaiseException 68454->68457 68458 140080483 68455->68458 68479 140034ac0 43 API calls 68456->68479 68460 140080722 68457->68460 68458->68448 68461 1400804b6 68458->68461 68462 1400413a0 45 API calls 68461->68462 68463 1400804c3 68462->68463 68464 1400429b0 44 API calls 68463->68464 68465 1400804d3 68464->68465 68466 140043ff0 44 API calls 68465->68466 68467 140080502 68466->68467 68480 140034ac0 43 API calls 68467->68480 68469->68360 68470->68366 68471->68370 68472->68372 68473->68378 68474->68384 68475->68390 68476->68396 68477->68402 68478->68445 68479->68445 68480->68445 68481->68410 68483->68425 68484->68435 68485->68454 68486 14008cb57 68487 14008cb61 68486->68487 68488 14008d050 44 API calls 68487->68488 68489 14008cb70 68488->68489 68490 1400ae860 _Strcoll 3 API calls 68489->68490 68491 14008ceb3 68490->68491

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Object$DeleteMetricsSystem$CreateSelectStream_$CapsCompatibleCriticalDeviceReleaseSection$BitmapEnterLeaveReadResetSizeStream
                                                                    • String ID:
                                                                    • API String ID: 3214587331-3916222277
                                                                    • Opcode ID: 4710b68569ca780a62200bacad1ebb062b7f91ede9e3e6ff6f294ad99d40d26f
                                                                    • Instruction ID: 703b3a6d47ced6971692c6e043727a25a26f8932f149495a63e694f68f4715db
                                                                    • Opcode Fuzzy Hash: 4710b68569ca780a62200bacad1ebb062b7f91ede9e3e6ff6f294ad99d40d26f
                                                                    • Instruction Fuzzy Hash: A4B12E32208BC086E761DB22E8543DEB7A5FB8DBC1F408515EB8A43B69DF38C185CB40

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
                                                                    • String ID:
                                                                    • API String ID: 2398595512-0
                                                                    • Opcode ID: ae06ef96b620ec177ea6819a3a1ac38214177ad565b87e13f1ccf53398ca1eb7
                                                                    • Instruction ID: fde7f6f548f3d5d2f6b779677d4d0ac92ef93c0439d4cbf494ca9037cd0bf826
                                                                    • Opcode Fuzzy Hash: ae06ef96b620ec177ea6819a3a1ac38214177ad565b87e13f1ccf53398ca1eb7
                                                                    • Instruction Fuzzy Hash: 50918E32204E0147E6769FA7A8047AA23A4AB8D7F5F584714FBB6476F4DFB8CA05C740
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Name$DevicesDisplayEnum$ComputerCurrentFileGlobalMemoryModuleProfileStatusUserValuewcsftime
                                                                    • String ID: %d-%m-%Y, %H:%M:%S$703$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                                                    • API String ID: 2509368203-3080301907
                                                                    • Opcode ID: 105b35c7cd9f97e9bf0823eaba5ad81c6242bc7294dbbe056df0648c1a514868
                                                                    • Instruction ID: ef48f63d2ae941425971807c1aa70cd5c410dc9acdd5c2c92023eb79a0c271c1
                                                                    • Opcode Fuzzy Hash: 105b35c7cd9f97e9bf0823eaba5ad81c6242bc7294dbbe056df0648c1a514868
                                                                    • Instruction Fuzzy Hash: 34F25A33614BC085EB22DB26E8903DD77A1F799798F419616FB9D47BA9DB38C284C700

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: .$@$@$Default$IndexedDB$Profile$cannot use push_back() with $chrome_key$content$directory_iterator::directory_iterator$exists$filename$gecko_browsers$key$prefs.js$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
                                                                    • API String ID: 0-111102830
                                                                    • Opcode ID: d85864b6336acd62be5f7280330fa91da0aadc80efc30bd9caf6eb99ab158536
                                                                    • Instruction ID: 76d522da9c60edd065d321252c96f4a617312223c2e0a99c55d01cc88780bd8f
                                                                    • Opcode Fuzzy Hash: d85864b6336acd62be5f7280330fa91da0aadc80efc30bd9caf6eb99ab158536
                                                                    • Instruction Fuzzy Hash: 40C18232200B8586EB62EF26D8843ED63A2F76C7D5F644A11FB9D437A5DB78C941C740

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
                                                                    • String ID: Default$Local State$Profile$User Data$cannot use push_back() with $directory_iterator::directory_iterator$exists$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
                                                                    • API String ID: 3645842244-3151314615
                                                                    • Opcode ID: cb657a3996e88f9932c6a43c7c3531ce994b41ef932ca5a706a954d2abf0d1c6
                                                                    • Instruction ID: f21b02361ede85f61df800ca6bf13452383e2cb6baab2eb8982a43a3ae70ec85
                                                                    • Opcode Fuzzy Hash: cb657a3996e88f9932c6a43c7c3531ce994b41ef932ca5a706a954d2abf0d1c6
                                                                    • Instruction Fuzzy Hash: C7D21172519BC886D6718B1AE88139BB3A1F7DC784F505625EBCC53B69EB7CC294CB00

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AddressProc$Library$FreeLoad
                                                                    • String ID: cannot use push_back() with $system$vault
                                                                    • API String ID: 2449869053-1741236777
                                                                    • Opcode ID: fafd76ba07d69584645bf33fa7b900a195455fa1a8abfe6877a7fd7569c5da7b
                                                                    • Instruction ID: 2a92ccc5b1d467f17da58c6df9da55f1dc7976cf29d812e554c759641952edc1
                                                                    • Opcode Fuzzy Hash: fafd76ba07d69584645bf33fa7b900a195455fa1a8abfe6877a7fd7569c5da7b
                                                                    • Instruction Fuzzy Hash: 15924C72205BC489DB628F26E8843DE77B5F749798F504216EB9C4BBA9EF74C684C700
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CloseOpenQueryValue
                                                                    • String ID: Wallets$content$directory_iterator::directory_iterator$exists$filename$status
                                                                    • API String ID: 3677997916-331726099
                                                                    • Opcode ID: c7734a0d1231dce296452ad1afaca9f3a6e4d40f2e4a13ff44d22133890dc3ec
                                                                    • Instruction ID: 7b7ad4ccabc59f41d35c00ebb4a54e0cc5e1f704924bbbbd3f86ce4379df2c1a
                                                                    • Opcode Fuzzy Hash: c7734a0d1231dce296452ad1afaca9f3a6e4d40f2e4a13ff44d22133890dc3ec
                                                                    • Instruction Fuzzy Hash: F7E24B72615BC08AEB729F36D8803DD73A5F789798F505216EB9C4BAA9DF74C684C300

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CloseOpenQueryValue
                                                                    • String ID: Wallets$content$directory_iterator::directory_iterator$exists$filename$status
                                                                    • API String ID: 3677997916-331726099
                                                                    • Opcode ID: 6fa42396e6029cb9532ff93e4bf8fd3bbf6f65c3de85a75353121e72c8de5844
                                                                    • Instruction ID: 177c1d7675dde2ac949eba8f41182ce89ac29bc87b60f10449c8d26a9429c7de
                                                                    • Opcode Fuzzy Hash: 6fa42396e6029cb9532ff93e4bf8fd3bbf6f65c3de85a75353121e72c8de5844
                                                                    • Instruction Fuzzy Hash: D5824A72611BC48AEB628F3AD8803DE73A1F789798F505216EB9D57BA9DF34C584C340

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Process$Exit$MutexOpenToken$CloseCreateCurrentFileHandleInformationInitializeModuleName
                                                                    • String ID: SeDebugPrivilege$SeImpersonatePrivilege
                                                                    • API String ID: 4279366119-3768118664
                                                                    • Opcode ID: 36f185b1df742de67076eec8cb6712ace61768d659a16a8e636eab3012611ba1
                                                                    • Instruction ID: f0f72c2fcd6d8b6b2264c2f1e6e52021c272493f6cdf96abffc9b24865ed5704
                                                                    • Opcode Fuzzy Hash: 36f185b1df742de67076eec8cb6712ace61768d659a16a8e636eab3012611ba1
                                                                    • Instruction Fuzzy Hash: B2619F32618A8481FA62AB66E4523EE63A0FB8D7C0F505615FB8D47AF6DF3CC1418B11

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CloseOpenQueryValue
                                                                    • String ID: Wallets$content$directory_iterator::directory_iterator$exists$filename
                                                                    • API String ID: 3677997916-4231923139
                                                                    • Opcode ID: 9a91b14f7d960f65d34c233a383209922ffca6b72530cd8d509c60a6aacfc5ed
                                                                    • Instruction ID: db1664ec86df15eb83f53bf5ceff4b3bbab913ad6086724e2e1923656db5ce1d
                                                                    • Opcode Fuzzy Hash: 9a91b14f7d960f65d34c233a383209922ffca6b72530cd8d509c60a6aacfc5ed
                                                                    • Instruction Fuzzy Hash: F8724A72611BC48AEB228F36D8803DD77A1F789798F509215EB9D5BBA9DF34C684C340

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                                    • API String ID: 355007559-239921721
                                                                    • Opcode ID: d27e707e32a7a668b79f18f39980f86f66c1361dc0c94ac41fd5faca01788e5a
                                                                    • Instruction ID: 33c1b94af872691e134a774f96405fbf90e61f0c3ac2d4846b7876194704bd86
                                                                    • Opcode Fuzzy Hash: d27e707e32a7a668b79f18f39980f86f66c1361dc0c94ac41fd5faca01788e5a
                                                                    • Instruction Fuzzy Hash: 93D1A03271024086EB26EF37D8517E967A1F7ACBD4F448236FF5947AA6DB38C4818B40

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskFileHandleRead
                                                                    • String ID:
                                                                    • API String ID: 1475545111-0

                                                                    Control-flow Graph

                                                                    [Graph nodes omitted; named API calls: CreateFileW, GetFileType]
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                    • String ID:
                                                                    • API String ID: 1617910340-0

                                                                    Control-flow Graph

                                                                    [Graph nodes omitted; named API calls: GetFileSize, SetFilePointer]
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: File$PointerReadSize
                                                                    • String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                    • API String ID: 404940565-15404121
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                                    • API String ID: 3458911817-239921721
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 1405656091-0
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: __std_exception_destroy
                                                                    • String ID: value
                                                                    • API String ID: 2453523683-494360628
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                    • String ID: [PID:
                                                                    • API String ID: 420147892-2210602247
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Profiles$cannot use push_back() with $directory_iterator::directory_iterator$exists$prefs.js$status
                                                                    • API String ID: 0-1457875953
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                    • String ID:
                                                                    • API String ID: 3038321057-0
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: Cred$EnumerateFree
                                                                    • String ID: cannot use push_back() with
                                                                    • API String ID: 3403564193-4122110429
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: InformationTimeZone
                                                                    • String ID: [UTC
                                                                    • API String ID: 565725191-1715286942
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: CryptDataFreeLocalUnprotect
                                                                    • String ID:
                                                                    • API String ID: 1561624719-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: DriveLogicalStrings
                                                                    • String ID:
                                                                    • API String ID: 2022863570-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: NameUser
                                                                    • String ID:
                                                                    • API String ID: 2645101109-0
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: cores
                                                                    • API String ID: 0-2370456839
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: \u%04x
                                                                    • API String ID: 0-2916071157
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: ":
                                                                    • API String ID: 0-3662656813
                                                                    • Opcode ID: 057b35939bb715e8c3fccde18bf4a01ede3a255fa1bc5061a8c29ebb9342f7ef
                                                                    • Instruction ID: d32eb5bd7aa32db0d383c6563baefba3b4bb722cd0727c790415934f3a3ba72c
                                                                    • Opcode Fuzzy Hash: 057b35939bb715e8c3fccde18bf4a01ede3a255fa1bc5061a8c29ebb9342f7ef
                                                                    • Instruction Fuzzy Hash: 1C910176304A8581EB219F2AE194B9E77B1F789FC8F459002DB9E0BB65CF39C559CB00
                                                                    Strings
                                                                    • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 0000000140045399
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                                                    • API String ID: 0-1713319389
                                                                    • Opcode ID: a7242879f608aa47813c865fc74e262a7c273f84777ad565790803f492419e94
                                                                    • Instruction ID: 014310bfbc4a3b67612d0ff5db8dcfc52a4721cd440e8a7597f65d7e1b9a6290
                                                                    • Opcode Fuzzy Hash: a7242879f608aa47813c865fc74e262a7c273f84777ad565790803f492419e94
                                                                    • Instruction Fuzzy Hash: 0041B2736196E04AD702CB3A84113BD7FB2E36AB89F1D8162E7D48B757D62DC216CB10
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a6ae9e57260c4d9c2420833d6abcaa42bc826476d953803981e3bbde9089d802
                                                                    • Instruction ID: 48bad8dc5ae2a98fb94f6420d9c53863b15f7aea20f291205fb5ec39bd34d449
                                                                    • Opcode Fuzzy Hash: a6ae9e57260c4d9c2420833d6abcaa42bc826476d953803981e3bbde9089d802
                                                                    • Instruction Fuzzy Hash: 2D722A72615BC489EB228B6AE8803DE73A1F78D798F504315EF9C57BA9DB78C244C704
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 127a710e31e9e959bd1efdee8cd92842b4768b0bfe61b8490464264f99784d1a
                                                                    • Instruction ID: 09b45337b1f777d5d18b9b6a60bb218e0a3e2faf57d77cfaa0b1546ae7cfb2e5
                                                                    • Opcode Fuzzy Hash: 127a710e31e9e959bd1efdee8cd92842b4768b0bfe61b8490464264f99784d1a
                                                                    • Instruction Fuzzy Hash: D6F15F72A15B888AEB218B6AE44139D77A1F78C7D8F104315FFDC57B99EB78C1908B00
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c660904164d709bc0acbb2f48409fe5df30a48554c19a8bdbe458204b02a07d7
                                                                    • Instruction ID: be49e157e2d86195976c6eff1131ce5322fd73392ca890e3637407cd31db1fd4
                                                                    • Opcode Fuzzy Hash: c660904164d709bc0acbb2f48409fe5df30a48554c19a8bdbe458204b02a07d7
                                                                    • Instruction Fuzzy Hash: CFF14F72A05F888AEB218B69E44139E77A4F78C798F104315EFDC57B99EF38C1908B40
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: baaf814a5b2074fa26d348928cf27470832879dc243f1d708684dcff653bcd19
                                                                    • Instruction ID: 99921ffeac1e544745e1f80987790f99c38e85693d9ba4107b4788d85d03955b
                                                                    • Opcode Fuzzy Hash: baaf814a5b2074fa26d348928cf27470832879dc243f1d708684dcff653bcd19
                                                                    • Instruction Fuzzy Hash: 81F15F72605F888AEB618B6AE44139E77A4F38C798F104315FFDC57B99EB78C1908B40
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7032578eb44d1cc3852a1f22707c9417288992426b2c68f63b2c84fe19f9a49a
                                                                    • Instruction ID: 6e5b374be89616aabab1282ed81929e9f4660f4cd366e2351babe77a13f61e33
                                                                    • Opcode Fuzzy Hash: 7032578eb44d1cc3852a1f22707c9417288992426b2c68f63b2c84fe19f9a49a
                                                                    • Instruction Fuzzy Hash: 83D17932B14B8089F712CBB5D4403ED37B2E79D78CF115619AF8C27AAADB348595C384

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 573 14007ebf0-14007ec2b call 14007e970 576 14007ec2d-14007ec3c EnterCriticalSection 573->576 577 14007ec6c 573->577 578 14007ec90-14007ecaa LeaveCriticalSection GdipGetImageEncodersSize 576->578 579 14007ec3e-14007ec60 GdiplusStartup 576->579 580 14007ec71-14007ec8f call 1400ae860 577->580 578->577 583 14007ecac-14007ecbf 578->583 579->578 581 14007ec62-14007ec66 LeaveCriticalSection 579->581 581->577 585 14007ecc1-14007ecca call 14007e700 583->585 586 14007ecfb-14007ed09 call 1400983d8 583->586 591 14007ecf8 585->591 592 14007eccc-14007ecd6 585->592 593 14007ed10-14007ed1a 586->593 594 14007ed0b-14007ed0e 586->594 591->586 595 14007ecd8 592->595 596 14007ece2-14007ecf6 call 1400af520 592->596 597 14007ed1e 593->597 594->597 595->596 599 14007ed21-14007ed24 596->599 597->599 601 14007ed26-14007ed2b 599->601 602 14007ed30-14007ed3e GdipGetImageEncoders 599->602 603 14007ee9e-14007eea1 601->603 604 14007ed44-14007ed4d 602->604 605 14007ee89-14007ee8e 602->605 608 14007eec4-14007eec6 603->608 609 14007eea3-14007eea7 603->609 606 14007ed7f 604->606 607 14007ed4f-14007ed5d 604->607 605->603 612 14007ed86-14007ed96 606->612 610 14007ed60-14007ed6b 607->610 608->580 611 14007eeb0-14007eec2 call 140097620 609->611 613 14007ed78-14007ed7d 610->613 614 14007ed6d-14007ed72 610->614 611->608 616 14007ed98-14007eda9 612->616 617 14007edaf-14007edcb 612->617 613->606 613->610 614->613 618 14007ee2d-14007ee31 614->618 616->605 616->617 620 14007ee38-14007ee77 GdipCreateBitmapFromHBITMAP GdipSaveImageToStream 617->620 621 14007edcd-14007ee26 GdipCreateBitmapFromScan0 GdipSaveImageToStream 617->621 618->612 624 14007ee90-14007ee9d GdipDisposeImage 620->624 625 14007ee79 620->625 622 14007ee28-14007ee2b 621->622 623 14007ee36 621->623 626 14007ee7c-14007ee83 GdipDisposeImage 622->626 623->624 624->603 625->626 626->605
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
                                                                    • String ID: &
                                                                    • API String ID: 1703174404-3042966939
                                                                    • Opcode ID: b85d50a5cabfa6eb603eba9611f05f7ae6643928b7f11ca356d1fb5ea7c17443
                                                                    • Instruction ID: 9446b29d12abf54a495bb638b8da28d63bd82c1a12ea6a5149bd686255382b5b
                                                                    • Opcode Fuzzy Hash: b85d50a5cabfa6eb603eba9611f05f7ae6643928b7f11ca356d1fb5ea7c17443
                                                                    • Instruction Fuzzy Hash: 6A916D32201B809AEB22DF22E8407D8B7A4F75DBD8F558615FF0947BA4DB38C996C340

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 1179 14007fca0-14007fdc6 call 1400858d0 call 14005d590 call 1400486b0 call 140041900 call 1400486b0 call 140041900 call 140043ff0 WSAStartup 1194 14007fe87 1179->1194 1195 14007fdcc-14007fdec socket 1179->1195 1196 14007fe89-14007fe91 1194->1196 1197 14007fdf2-14007fe1e htons 1195->1197 1198 14007fe81 WSACleanup 1195->1198 1199 14007fec4-14007ff05 call 1400ae860 1196->1199 1200 14007fe93-14007fea4 1196->1200 1201 14007fe24-14007fe34 call 14008d830 1197->1201 1202 14007ff29-14007ff5a call 14007eed0 call 1400426d0 1197->1202 1198->1194 1204 14007fea6-14007feb9 1200->1204 1205 14007febf call 1400ae880 1200->1205 1215 14007fe36 1201->1215 1216 14007fe39-14007fe65 inet_pton connect 1201->1216 1222 14007ff92-14007ffaf call 14007eed0 1202->1222 1223 14007ff5c-14007ff72 1202->1223 1204->1205 1209 14008002b-140080030 call 140098254 1204->1209 1205->1199 1224 140080031-140080036 call 140098254 1209->1224 1215->1216 1217 14007ff06-14007ff10 1216->1217 1218 14007fe6b-14007fe72 1216->1218 1217->1202 1225 14007ff12-14007ff1b 1217->1225 1218->1201 1221 14007fe74-14007fe7b closesocket 1218->1221 1221->1198 1234 14007ffb4-14007ffd8 call 1400426d0 1222->1234 1226 14007ff74-14007ff87 1223->1226 1227 14007ff8d call 1400ae880 1223->1227 1230 14007ff20-14007ff28 call 140044600 1225->1230 1231 14007ff1d 1225->1231 1226->1224 1226->1227 1227->1222 1230->1202 1231->1230 1239 140080014-140080020 1234->1239 1240 14007ffda-14007fff0 1234->1240 1239->1196 1241 14007fff2-140080005 1240->1241 1242 140080007-14008000c call 1400ae880 1240->1242 1241->1242 1243 140080025-14008002a call 140098254 1241->1243 1242->1239 1243->1209
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
                                                                    • String ID: 5.252.155.28$geo$system
                                                                    • API String ID: 213021568-2776767760
                                                                    • Opcode ID: 382c9bdd5f6078fca0e4b1f10bcf8beca6fad29002a5ddc0211ae9f1951ac84f
                                                                    • Instruction ID: 9c75b22fce348295d9d2264736fad7ad7c0564d1dc12daef42ebe48eef3612a5
                                                                    • Opcode Fuzzy Hash: 382c9bdd5f6078fca0e4b1f10bcf8beca6fad29002a5ddc0211ae9f1951ac84f
                                                                    • Instruction Fuzzy Hash: 87B16B72B11A4089FB02DB76D4503EC33B2AB9DBA8F415626EB59176F9DE38C54AC340

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 2607 1400a092c-1400a0952 2608 1400a096d-1400a0971 2607->2608 2609 1400a0954-1400a0968 call 140094e48 call 140094e68 2607->2609 2610 1400a0d47-1400a0d53 call 140094e48 call 140094e68 2608->2610 2611 1400a0977-1400a097e 2608->2611 2623 1400a0d5e 2609->2623 2631 1400a0d59 call 140098234 2610->2631 2611->2610 2613 1400a0984-1400a09b2 2611->2613 2613->2610 2616 1400a09b8-1400a09bf 2613->2616 2620 1400a09c1-1400a09d3 call 140094e48 call 140094e68 2616->2620 2621 1400a09d8-1400a09db 2616->2621 2620->2631 2625 1400a0d43-1400a0d45 2621->2625 2626 1400a09e1-1400a09e7 2621->2626 2628 1400a0d61-1400a0d78 2623->2628 2625->2628 2626->2625 2630 1400a09ed-1400a09f0 2626->2630 2630->2620 2633 1400a09f2-1400a0a17 2630->2633 2631->2623 2636 1400a0a19-1400a0a1b 2633->2636 2637 1400a0a4a-1400a0a51 2633->2637 2640 1400a0a1d-1400a0a24 2636->2640 2641 1400a0a42-1400a0a48 2636->2641 2638 1400a0a53-1400a0a7b call 14009e8bc call 14009d3c8 * 2 2637->2638 2639 1400a0a26-1400a0a3d call 140094e48 call 140094e68 call 140098234 2637->2639 2667 1400a0a7d-1400a0a93 call 140094e68 call 140094e48 2638->2667 2668 1400a0a98-1400a0ac3 call 1400a0fec 2638->2668 2670 1400a0bd0 2639->2670 2640->2639 2640->2641 2643 1400a0ac8-1400a0adf 2641->2643 2646 1400a0b5a-1400a0b64 call 1400a996c 2643->2646 2647 1400a0ae1-1400a0ae9 2643->2647 2658 1400a0b6a-1400a0b7f 2646->2658 2659 1400a0bee 2646->2659 2647->2646 2651 1400a0aeb-1400a0aed 2647->2651 2651->2646 2655 1400a0aef-1400a0b05 2651->2655 2655->2646 2660 1400a0b07-1400a0b13 2655->2660 2658->2659 2664 1400a0b81-1400a0b93 GetConsoleMode 2658->2664 2662 1400a0bf3-1400a0c0b call 1400d5190 2659->2662 2660->2646 2665 1400a0b15-1400a0b17 2660->2665 2674 1400a0c11-1400a0c13 2662->2674 2664->2659 2671 1400a0b95-1400a0b9d 2664->2671 2665->2646 2672 1400a0b19-1400a0b31 2665->2672 2667->2670 2668->2643 2677 1400a0bd3-1400a0bdd call 14009d3c8 2670->2677 2671->2662 2676 1400a0b9f-1400a0bc1 ReadConsoleW 2671->2676 2672->2646 2678 1400a0b33-1400a0b3f 2672->2678 2681 1400a0c19-1400a0c21 2674->2681 2682 1400a0d0d-1400a0d16 call 1400d5168 2674->2682 2684 1400a0bc3 call 1400d5168 2676->2684 2685 1400a0be2-1400a0bec 2676->2685 2677->2628 2678->2646 2679 1400a0b41-1400a0b43 2678->2679 2679->2646 2688 1400a0b45-1400a0b55 2679->2688 2681->2682 2691 1400a0c27 2681->2691 2698 1400a0d33-1400a0d36 2682->2698 2699 1400a0d18-1400a0d2e call 140094e68 call 140094e48 2682->2699 2696 1400a0bc9-1400a0bcb call 140094ddc 2684->2696 2689 1400a0c2e-1400a0c43 2685->2689 2688->2646 2689->2677 2695 1400a0c45-1400a0c50 2689->2695 2691->2689 2700 1400a0c52-1400a0c6b call 1400a0544 2695->2700 2701 1400a0c77-1400a0c7f 2695->2701 2696->2670 2698->2696 2704 1400a0d3c-1400a0d3e 2698->2704 2699->2670 2710 1400a0c70-1400a0c72 2700->2710 2706 1400a0cfb-1400a0d08 call 1400a0384 2701->2706 2707 1400a0c81-1400a0c93 2701->2707 2704->2677 2706->2710 2711 1400a0cee-1400a0cf6 2707->2711 2712 1400a0c95 2707->2712 2710->2677 2711->2677 2713 1400a0c9a-1400a0ca1 2712->2713 2716 1400a0cdd-1400a0ce8 2713->2716 2717 1400a0ca3-1400a0ca7 2713->2717 2716->2711 2719 1400a0ca9-1400a0cb0 2717->2719 2720 1400a0cc3 2717->2720 2719->2720 2721 1400a0cb2-1400a0cb6 2719->2721 2722 1400a0cc9-1400a0cd9 2720->2722 2721->2720 2723 1400a0cb8-1400a0cc1 2721->2723 2722->2713 2724 1400a0cdb 2722->2724 2723->2722 2724->2711
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    • Opcode ID: f3fc50aa6c1617f97820c214b6f357f8593fa625a947542fe4ec2dfdbb2d532b
                                                                    • Instruction ID: 1587d5abd9b319571573c48e8f8a5ca4e906ccd50f109f1cac320b02b794b413
                                                                    • Opcode Fuzzy Hash: f3fc50aa6c1617f97820c214b6f357f8593fa625a947542fe4ec2dfdbb2d532b
                                                                    • Instruction Fuzzy Hash: A1C1F03221478982F7639B1794403EE7BA4F7A9BD4F564211FB4A077B2CB79C885CB11
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
                                                                    • String ID:
                                                                    • API String ID: 4268643673-0
                                                                    • Opcode ID: d9c89a0b3337f62daede38d05eb99e3a5ef1a2740972e772024fc1afe76f85a6
                                                                    • Instruction ID: 3889bee155bcca462bb7bd3a3e3ed75a854d6cba6fbbfda9a72b78dda44c9e20
                                                                    • Opcode Fuzzy Hash: d9c89a0b3337f62daede38d05eb99e3a5ef1a2740972e772024fc1afe76f85a6
                                                                    • Instruction Fuzzy Hash: 8511E632112B9081EB11AF26E85439D73A4FB4CFAAF684615AB6D076B4DF38C897C350
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: recv$Cleanupclosesocket
                                                                    • String ID:
                                                                    • API String ID: 146070474-0
                                                                    • Opcode ID: 2d2a226c3be6d9aac15178183d5d7ef43195daa5f04da58d8c86c7cb2957ea04
                                                                    • Instruction ID: b7fc1ca92b6d2f99495cefddca60008a77a9a95e78e48f0282b46bd6d156afcd
                                                                    • Opcode Fuzzy Hash: 2d2a226c3be6d9aac15178183d5d7ef43195daa5f04da58d8c86c7cb2957ea04
                                                                    • Instruction Fuzzy Hash: E9126E73618BC081EA229B16E4543DEA761F79D7E0F504612FBAD47AEADF78C584CB00
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: EnvironmentInitStringStringsUnicode$Free
                                                                    • String ID:
                                                                    • API String ID: 2488768755-0
                                                                    • Opcode ID: ec2e81338b9569798ae3e5222c4d469a5045ca5b6d5585555045104ee9391ee0
                                                                    • Instruction ID: 87069c6435efe869352e4d7ec8a553a9e77cee2d25ee79a4713f5d8602df03e1
                                                                    • Opcode Fuzzy Hash: ec2e81338b9569798ae3e5222c4d469a5045ca5b6d5585555045104ee9391ee0
                                                                    • Instruction Fuzzy Hash: EF518C72A18B80C2EB129F1AE44039D7760FB99BD4F589215EB9903BA5DF7CD2E1C704
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                    • String ID:
                                                                    • API String ID: 215268677-0
                                                                    • Opcode ID: 1c225c442ed3ae12c114120d81f2afce391d37106ff629cfd40a7a8c2f449ed4
                                                                    • Instruction ID: 4ac3f93d2f4e81bd50ee8aef4ea7470c81fa649bc502074349a2660f854164c1
                                                                    • Opcode Fuzzy Hash: 1c225c442ed3ae12c114120d81f2afce391d37106ff629cfd40a7a8c2f449ed4
                                                                    • Instruction Fuzzy Hash: 8911FB32618B8082E7519F16F85039AB7A0FB89B81F549125FB9987B68CF3CC455CB40
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CloseOpen
                                                                    • String ID: Profiles
                                                                    • API String ID: 47109696-1917249382
                                                                    • API ID: Value
                                                                    • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                    • API String ID: 3702945584-1787575317
                                                                    • API ID: CloseEnumOpen
                                                                    • String ID:
                                                                    • API String ID: 1332880857-0
                                                                    • API ID: EnumOpen
                                                                    • String ID:
                                                                    • API String ID: 3231578192-0
                                                                    • API ID: CloseOpenQueryValue
                                                                    • String ID:
                                                                    • API String ID: 3677997916-0
                                                                    • API ID: Info$User
                                                                    • String ID:
                                                                    • API String ID: 2017065092-0
                                                                    • API ID: Concurrency::cancel_current_task
                                                                    • String ID:
                                                                    • API String ID: 118556049-3916222277
                                                                    • API ID: CurrentProfile
                                                                    • String ID: Unknown
                                                                    • API String ID: 2104809126-1654365787
                                                                    • API ID: Concurrency::cancel_current_task
                                                                    • String ID:
                                                                    • API String ID: 118556049-0
                                                                    • API ID: FolderFreeKnownPathTask
                                                                    • String ID:
                                                                    • API String ID: 969438705-0
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    • API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
                                                                    • String ID:
                                                                    • API String ID: 420082584-0
                                                                    • API ID: CloseHandleMutexReleaserecv
                                                                    • String ID:
                                                                    • API String ID: 2659716615-0
                                                                    • API ID: ErrorFileLastPointer
                                                                    • String ID:
                                                                    • API String ID: 2976181284-0
                                                                    • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                    • String ID:
                                                                    • API String ID: 1173176844-0
                                                                    • API ID: ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 485612231-0
                                                                    • API ID: Concurrency::cancel_current_task
                                                                    • String ID:
                                                                    • API String ID: 118556049-0
                                                                    • API ID: __std_fs_directory_iterator_open
                                                                    • String ID:
                                                                    • API String ID: 4007087469-0
                                                                    • API ID: Concurrency::cancel_current_task
                                                                    • String ID:
                                                                    • API String ID: 118556049-0
                                                                    • API ID: Concurrency::cancel_current_task
                                                                    • String ID:
                                                                    • API String ID: 118556049-0
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: InformationVolume
                                                                    • String ID:
                                                                    • API String ID: 2039140958-0
                                                                    APIs
                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0000000140042AB8
                                                                      • Part of subcall function 000000014002B820: __std_exception_copy.LIBVCRUNTIME ref: 000000014002B868
                                                                    Similarity
                                                                    • API ID: Concurrency::cancel_current_task__std_exception_copy
                                                                    • String ID:
                                                                    • API String ID: 317858897-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: send
                                                                    • String ID:
                                                                    • API String ID: 2809346765-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: FileFindNext
                                                                    • String ID:
                                                                    • API String ID: 2029273394-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    APIs
                                                                    • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00000001400AE9E4
                                                                      • Part of subcall function 00000001400B0E6C: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00000001400B0E74
                                                                      • Part of subcall function 00000001400B0E6C: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00000001400B0E79
                                                                    Similarity
                                                                    • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                    • String ID:
                                                                    • API String ID: 1208906642-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: FileFindNext
                                                                    • String ID:
                                                                    • API String ID: 2029273394-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: InfoNativeSystem
                                                                    • String ID:
                                                                    • API String ID: 1721193555-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: AllocHeap
                                                                    • String ID:
                                                                    • API String ID: 4292702814-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: AllocHeap
                                                                    • String ID:
                                                                    • API String ID: 4292702814-0
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: memcpy_s$_invalid_parameter_noinfo
                                                                    • String ID: $
                                                                    • API String ID: 2880407647-227171996
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize
                                                                    • String ID: 0
                                                                    • API String ID: 1424456515-4108050209
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Email$HTTP Server URL$HTTP User$HTTPMail Server$IMAP Password$IMAP Password2$IMAP Server$IMAP User$IMAP User Name$NNTP Password$NNTP Password2$NNTP Server$NNTP User$NNTP User Name$POP3 Password$POP3 Password2$POP3 Server$POP3 User$POP3 User Name$SMTP Password$SMTP Password2$SMTP Server$SMTP User$SMTP User Name
                                                                    • API String ID: 0-560833949
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: Concurrency::cancel_current_task
                                                                    • String ID: BOOTNXT$autorun.inf$boot.ini$boot.sdi$bootfont.bin$bootmgfw.efi$bootmgr$bootsect.bak$bootstat.dat$d3d9caps.dat$desktop.ini$gdipfontcachev1.dat$iconcache.db$indexervolumeguid$mib.bin$ntldr$ntuser.dat$ntuser.dat.log$ntuser.ini$reagent.xml$thumbs.db$winre.wim$winsipolicy.p7b$wpsettings.dat
                                                                    APIs
                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0000000140059311
                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00000001400593E6
                                                                      • Part of subcall function 000000014002BA80: __std_exception_copy.LIBVCRUNTIME ref: 000000014002BAC3
                                                                      • Part of subcall function 00000001400B0E88: RtlPcToFileHeader.KERNEL32 ref: 00000001400B0ED8
                                                                      • Part of subcall function 00000001400B0E88: RaiseException.KERNEL32 ref: 00000001400B0F19
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Concurrency::cancel_current_task$ExceptionFileHeaderRaise__std_exception_copy
                                                                    • String ID: "$#base$#include$*$/$No closed word$Unexpected eof$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ExecuteShell
                                                                    • String ID: .cmd$.exe$.exe$.ps1$.vbs$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: s$s$W$
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: lstrcatlstrcpy$Object$AcquireAllocateInitializeLockMemoryUninitializeVirtual
                                                                    • String ID: 0
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Crypt$AlgorithmConcurrency::cancel_current_taskGenerateOpenPropertyProviderSymmetric
                                                                    • String ID: AES$ChainingMode$ChainingModeGCM
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                                                                    • String ID: utf8
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                    • String ID:
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                    • String ID:
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Crypt$AlgorithmProvider$CloseGenerateOpenPropertySymmetric
                                                                    • String ID: Wallets$content$filename$ios_base::badbit set
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: __std_exception_destroy
                                                                    • String ID: value
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 0| $\|
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: config$content$filename$status$users
                                                                    APIs
                                                                    Strings
                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00000001400BD887
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$W$
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Virtual$AllocInfoProtectQuerySystem
                                                                    • String ID:
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                    • String ID:
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FormatInfoLocaleMessage
                                                                    • String ID: !x-sys-default-locale
                                                                    APIs
                                                                    • API ID: memcpy_s
                                                                    APIs
                                                                    • API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
                                                                    Strings
                                                                    • String ID: EXayy7tI8YZ2RBeXAy50u39uvyoII2IeIv51t8gZ9hA=$czrMHYWulnc=$port
                                                                    Strings
                                                                    • String ID: -$e+000$gfff
                                                                    APIs
                                                                    Strings
                                                                    • API ID: __std_exception_copy
                                                                    • String ID: parse_error
                                                                    APIs
                                                                    Strings
                                                                    • API ID: InfoLocale
                                                                    • String ID: GetLocaleInfoEx
                                                                    APIs
                                                                    • API ID: ExecuteFileModuleNameShell
                                                                    APIs
                                                                    • API ID: CryptDecrypt
                                                                    APIs
                                                                    • API ID: ExceptionRaise_clrfp
                                                                    APIs
                                                                    • API ID: ErrorHeapLast_invalid_parameter_noinfo$AllocFree
                                                                    APIs
                                                                    • API ID: DevicesDisplayEnum
                                                                    APIs
                                                                    • API ID: CryptDataFreeLocalUnprotect
                                                                    Strings
                                                                    • String ID: %$+
                                                                    Strings
                                                                    • String ID: a/p$am/pm
                                                                    Strings
                                                                    • String ID: dumps$emoji
                                                                    APIs
                                                                    • API ID: Concurrency::cancel_current_task
                                                                    APIs
                                                                    • API ID: Info
                                                                    APIs
                                                                    • API ID: Concurrency::cancel_current_task
                                                                    APIs
                                                                    • API ID: Concurrency::cancel_current_task
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Concurrency::cancel_current_task
                                                                    • String ID:
                                                                    • API String ID: 118556049-0
                                                                    • API ID: Concurrency::cancel_current_task
                                                                    • String ID:
                                                                    • API String ID: 118556049-0
                                                                    • API ID: Concurrency::cancel_current_task
                                                                    • String ID:
                                                                    • API String ID: 118556049-0
                                                                    • API ID: ErrorLastValue$InfoLocale
                                                                    • String ID:
                                                                    • API String ID: 673564084-0
                                                                    • API ID:
                                                                    • String ID: QN
                                                                    • API String ID: 0-3349929942
                                                                    • API ID: ErrorLast$InfoLocaleValue
                                                                    • String ID:
                                                                    • API String ID: 3796814847-0
                                                                    • API ID: ErrorLast$EnumLocalesSystemValue
                                                                    • String ID:
                                                                    • API String ID: 3029459697-0
                                                                    • API ID: AlgorithmCloseCryptProvider
                                                                    • String ID:
                                                                    • API String ID: 3378198380-0
                                                                    • API ID: EnumLocalesSystem
                                                                    • String ID:
                                                                    • API String ID: 2099609381-0
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID: 0-3916222277
                                                                    • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 4023145424-0
                                                                    • API ID: ErrorLast$Value_invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 1500699246-0
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
                                                                    • Instruction ID: 99ad1355632ae1fd69952ade0b8b880547fb4266a066a210fa678cc3ea636d96
                                                                    • Opcode Fuzzy Hash: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
                                                                    • Instruction Fuzzy Hash: 6D519236624A5086E7669B2BD0543AC3BA1E35CFDEF258111EF89477B5C736C893C740
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
                                                                    • Instruction ID: 1a5f552ae487ea52881a4b4007291b9de41d1dc95850a7e92b2562e97dc69483
                                                                    • Opcode Fuzzy Hash: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
                                                                    • Instruction Fuzzy Hash: 8B51C136224A50C6E7269B2BE0403A97BA1E34CFD9F684111EF49477B5D732CD43CB80
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
                                                                    • Instruction ID: bf005c958525c39f9f98a73881a786616db269bc64c82d253bf23c47cd79f0e7
                                                                    • Opcode Fuzzy Hash: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
                                                                    • Instruction Fuzzy Hash: B3518036624A50C6E7269F2BC0503A93BA1E34DFA9F288111EF89577B4CB36CD43C780
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 485612231-0
                                                                    APIs
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CloseHandle$Process32Token$InformationNextOpenProcess$ConvertCreateErrorFirstLastSnapshotStringToolhelp32
                                                                    • String ID:
                                                                    • API String ID: 3925315391-0
                                                                    Strings
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: No closed word$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                                                    • API String ID: 0-2700065129
                                                                    APIs
                                                                    Strings
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: 0$0$0
                                                                    • API String ID: 3215553584-3137946472
                                                                    APIs
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Session$ListProcess$CurrentRegisterResourcesStart
                                                                    • String ID:
                                                                    • API String ID: 3299295986-0
                                                                    APIs
                                                                    Strings
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AddressFreeLibraryProc
                                                                    • String ID: api-ms-$ext-ms-
                                                                    • API String ID: 3013587201-537541572
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Internet$CloseFileHandleOpenRead
                                                                    • String ID: File Downloader
                                                                    • API String ID: 4038090926-3631955488
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: f$p$p
                                                                    • API String ID: 3215553584-1995029353
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                    • String ID: api-ms-
                                                                    • API String ID: 2559590344-2084034818
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                    • String ID: CONOUT$
                                                                    • API String ID: 3230265001-3130406586
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ByteCharMultiWide$CompareInfoString
                                                                    • String ID:
                                                                    • API String ID: 2984826149-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ByteCharMultiStringWide
                                                                    • String ID:
                                                                    • API String ID: 2829165498-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    APIs
                                                                    • GetLastError.KERNEL32 ref: 000000014009A073
                                                                    • FlsSetValue.KERNEL32(?,?,-2723E8D8DEBC5093,0000000140094E71,?,?,?,?,000000014009D3FC), ref: 000000014009A0A9
                                                                    • FlsSetValue.KERNEL32(?,?,-2723E8D8DEBC5093,0000000140094E71,?,?,?,?,000000014009D3FC), ref: 000000014009A0D6
                                                                    • FlsSetValue.KERNEL32(?,?,-2723E8D8DEBC5093,0000000140094E71,?,?,?,?,000000014009D3FC), ref: 000000014009A0E7
                                                                    • FlsSetValue.KERNEL32(?,?,-2723E8D8DEBC5093,0000000140094E71,?,?,?,?,000000014009D3FC), ref: 000000014009A0F8
                                                                    • SetLastError.KERNEL32 ref: 000000014009A113
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Value$ErrorLast
                                                                    • String ID:
                                                                    • API String ID: 2506987500-0
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: __std_exception_destroy$ApisFile__std_fs_code_page
                                                                    • String ID: ", "$: "
                                                                    • API String ID: 741338541-747220369
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _set_statfp
                                                                    • String ID:
                                                                    • API String ID: 1156100317-0
                                                                    APIs
                                                                    • FlsGetValue.KERNEL32(?,?,?,0000000140097EF7,?,?,00000000,0000000140098192,?,?,?,?,-2723E8D8DEBC5093,000000014009811E), ref: 000000014009A14B
                                                                    • FlsSetValue.KERNEL32(?,?,?,0000000140097EF7,?,?,00000000,0000000140098192,?,?,?,?,-2723E8D8DEBC5093,000000014009811E), ref: 000000014009A16A
                                                                    • FlsSetValue.KERNEL32(?,?,?,0000000140097EF7,?,?,00000000,0000000140098192,?,?,?,?,-2723E8D8DEBC5093,000000014009811E), ref: 000000014009A192
                                                                    • FlsSetValue.KERNEL32(?,?,?,0000000140097EF7,?,?,00000000,0000000140098192,?,?,?,?,-2723E8D8DEBC5093,000000014009811E), ref: 000000014009A1A3
                                                                    • FlsSetValue.KERNEL32(?,?,?,0000000140097EF7,?,?,00000000,0000000140098192,?,?,?,?,-2723E8D8DEBC5093,000000014009811E), ref: 000000014009A1B4
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Value
                                                                    • String ID:
                                                                    • API String ID: 3702945584-0
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::_
                                                                    • String ID: bad locale name
                                                                    • API String ID: 1287851536-1405518554
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                    • API String ID: 3215553584-1196891531
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
                                                                    • String ID: bad locale name
                                                                    • API String ID: 1612978173-1405518554
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: GetTempPath2W$kernel32.dll
                                                                    • API String ID: 1646373207-1846531799
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Process32$CloseHandleImpersonateLoggedNextOpenProcessUser$CreateFirstRevertSelfSnapshotTokenToolhelp32
                                                                    • String ID:
                                                                    • API String ID: 1562318730-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                    • String ID:
                                                                    • API String ID: 2718003287-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2519446987.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_140000000_Xeno Executor.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
                                                                    • String ID:
                                                                    • API String ID: 3698853521-0
                                                                    APIs
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    APIs
                                                                    • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                    • String ID:
                                                                    • API String ID: 1168246061-0
                                                                    APIs
                                                                    • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                    • String ID:
                                                                    • API String ID: 1168246061-0
                                                                    APIs
                                                                    • API ID: ByteCharErrorLastMultiWide
                                                                    • String ID:
                                                                    • API String ID: 203985260-0
                                                                    APIs
                                                                    • API ID: Handle$AddressAttributesCloseErrorFeatureFileLastModulePresentProcProcessor__std_fs_open_handle
                                                                    • String ID:
                                                                    • API String ID: 156590933-0
                                                                    APIs
                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                    • String ID:
                                                                    • API String ID: 2933794660-0
                                                                    Strings
                                                                    • API ID:
                                                                    • String ID: [json.exception.
                                                                    • API String ID: 0-791563284
                                                                    APIs
                                                                    Strings
                                                                    • API ID: __std_exception_copy
                                                                    • String ID: os_crypt$out_of_range
                                                                    • API String ID: 592178966-3828104817
                                                                    APIs
                                                                    Strings
                                                                    • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                    • String ID: bad locale name
                                                                    • API String ID: 3988782225-1405518554
                                                                    APIs
                                                                    Strings
                                                                    • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                    • String ID: bad locale name
                                                                    • API String ID: 3988782225-1405518554
                                                                    APIs
                                                                    Strings
                                                                    • API ID: ErrorFileLastWrite
                                                                    • String ID: U
                                                                    • API String ID: 442123175-4171548499